According to the official guide [1], Drone can integrate with AWS Secrets Manager to fetch secrets; however, I followed the guide and it always fails to get the secrets from AWS.
I am also curious how this works, because the container does not have an AWS access key and secret key in its environment. Even after I attached an IAM role to it with full access to AWS Secrets Manager, it still does not work. Please see the docker-compose file and .drone.yml below, thanks.
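# Docker Compose stack: Drone server, one agent, and the AWS Secrets Manager
# extension that the agent queries for pipeline secrets.
# NOTE(review): the paste lost its indentation; nesting below is reconstructed.
# NOTE(review): the xxx/yyy/zz values are placeholders. Keep the real values
# out of version control (for example, supply them from an untracked env file).
version: '3'
services:
  drone-server:
    image: drone/drone:1.0.1
    ports:
      # Quoted so no YAML parser can read a port pair as a number.
      - '80:80'
      - '443:443'
    volumes:
      # NOTE(review): the Docker socket gives root-equivalent control of the
      # host. With DRONE_AGENTS_ENABLED=true the builds run on the agent, so
      # the server presumably does not need this mount - confirm and drop it.
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/drone:/data
    restart: always
    environment:
      # Plain HTTP: OAuth callbacks, session cookies and agent RPC traffic
      # cross the network unencrypted unless TLS is terminated in front.
      - DRONE_SERVER_PROTO=http
      - DRONE_SERVER_HOST=drone.example.com
      - DRONE_BITBUCKET_CLIENT_ID=xxx
      - DRONE_BITBUCKET_CLIENT_SECRET=yyy
      # Must be identical to DRONE_RPC_SECRET on the agent; the placeholders
      # as posted differ (zzz here, zz on the agent) - verify the real values.
      - DRONE_RPC_SECRET=zzz
      - DRONE_AGENTS_ENABLED=true
      - DRONE_TLS_AUTOCERT=false
      - DRONE_RUNNER_CAPACITY=5
      # Debug logging is verbose; turn it off once the setup works.
      - DRONE_LOGS_DEBUG=true
  drone-agent:
    image: drone/agent:1.0.1
    restart: always
    depends_on:
      - drone-server
    volumes:
      # Needed to start build containers; anything able to run a pipeline on
      # this agent effectively controls the host's Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_SERVER=http://drone.example.com
      - DRONE_RPC_SECRET=zz
      - DRONE_RUNNER_NAME=drone-ci
      - DRONE_RUNNER_CAPACITY=5
      # Shared secret for the extension; must equal SECRET_KEY below.
      - DRONE_SECRET_SECRET=zz
      # Fix: inside the agent container 127.0.0.1 is the agent itself, not the
      # extension. Address the extension by its Compose service name instead.
      - DRONE_SECRET_ENDPOINT=http://drone-aws-secrets:3000
  drone-aws-secrets:
    # NOTE(review): ':latest' is a moving tag; pin a specific version or
    # digest so the component that handles secrets cannot change silently.
    image: drone/amazon-secrets:latest
    depends_on:
      - drone-server
    ports:
      # Bound to loopback: the agent reaches the extension over the Compose
      # network, so the secrets endpoint need not be exposed on every host
      # interface, where only SECRET_KEY would protect it.
      - '127.0.0.1:3000:3000'
    environment:
      - SECRET_KEY=zz
      # No AWS credentials or region are set here, so the extension can only
      # obtain them from the AWS SDK's default sources: AWS_ACCESS_KEY_ID /
      # AWS_SECRET_ACCESS_KEY / AWS_REGION in this environment, or the role of
      # the EC2 instance via the instance metadata service.
      # NOTE(review): presumably the IAM role is attached to the EC2 host; a
      # container on a bridge network reaches the metadata service only if the
      # instance's metadata hop limit allows the extra hop - verify.
      # Prefer a role limited to secretsmanager:GetSecretValue on the secrets
      # this CI needs over full Secrets Manager access.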
The .drone.yml is as follows:
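---
# Secret resources: each one maps a pipeline secret name to a value fetched
# through the secrets extension.
# NOTE(review): presumably `path` is the AWS Secrets Manager secret name and
# `name` is a key inside that secret's key/value content - confirm against the
# secret as stored in AWS.
kind: secret
name: region
get:
  path: test/drone
  name: region
---
# NOTE(review): this stores a long-lived AWS access key pair as a secret.
# Where the runner can assume a role instead, that avoids keeping static keys.
kind: secret
name: aws_access_key
get:
  path: test/drone
  name: aws_access_key
---
kind: secret
name: aws_secret_key
get:
  path: test/drone
  name: aws_secret_key
---
# Fix: the document separator above was missing in the post, which merged the
# pipeline into the last secret resource and produced duplicate `kind` and
# `name` keys.
kind: pipeline
name: App-golang-builder
platform:
  os: linux
  arch: amd64
steps:
  - name: build
    # NOTE(review): untagged images resolve to ':latest'; pin a version so
    # builds are reproducible.
    image: golang
    commands:
      - go build
  - name: upload
    # This plugin image receives the AWS keys below; pin it to a version or
    # digest that has been reviewed.
    image: plugins/s3
    settings:
      bucket: example.bucket
      region:
        from_secret: region
      access_key:
        from_secret: aws_access_key
      secret_key:
        from_secret: aws_secret_key
      source: hello.go
      target: golang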
Thanks