1 Answer
- Newest
- Most votes
- Most comments
0
Use of SecretsManager provides secure way to provide credentials to Greengrass components.
You can use https://github.com/awslabs/aws-greengrass-labs-secretsmanagerclient to avoid having to code the interaction with the IPC API and be able to retrieve the secret directly in the lifecycle script.
An example on how to use it can be seen in https://github.com/awslabs/aws-greengrass-labs-nodered-auth/blob/9ff4371f76298aabeb9b4bb736fa86028ae6f09c/recipe.yaml#L35.
For your specific exmaple, the lifecyle recipe would contain something like:
Lifecycle:
Install: |-
export USERNAME="{configuration:/USERNAME}"
export PASSWORD=$(java -jar {aws.greengrass.labs.SecretsManagerClient:artifacts:path}/secrets.jar {configuration:/USERNAME})
pip3 install -r {artifacts:decompressedPath}/ComponentName/requirements.txt --extra-index-url=https://${USERNAME}:${PASSWORD}@company.jfrog.io/artifactory/api/pypi/company-pypi/simple
Relevant content
- Accepted Answerasked 2 months ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated 2 years ago
Awesome, thanks! I ended up not using the
SecretsManagerClient
but used it as inspiration for a custom implementation using the mainSecretManager
component and IPC client.