Retrieving rotating keys from AWS

Nandini Vaiyapuri February 3, 2021

Hi,

I have a requirement where I am doing a Secrets Manager lookup from AWS using a specific IAM user role. This IAM user role's keys rotate once a month; that is, the AWS access key and secret ID keep changing.

How do I assume this role, or how do I access these variables from AWS, without defining the variables as Bitbucket environment variables?

Please note, this is in continuation of ticket BBS-156098, if you need more context.

1 answer

0 votes
Halyna Berezovska
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
February 4, 2021

@Nandini Vaiyapuri thanks for your question.

We have a similar workflow, but there the stage of setting the values is the responsibility of a Lambda function.

You can also retrieve the secrets from the pipeline; it is also isolated. But for that you need a separate user with access to the secrets and permissions for it (or a role if you want; it depends on how you set up the permissions policy).

Also, I would recommend investigating how you encrypt and decrypt such sensitive info, for double protection, because it is very sensitive info.

Here are the AWS best practices for AWS Secrets Manager: https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html

Regards, Galyna
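The answer above suggests reading the secret from the pipeline with a dedicated user or role. The block below is an added example, not code from the thread or from Atlassian, showing the role variant: the pipeline identity calls sts:AssumeRole for a role whose permissions policy allows only GetSecretValue on one secret, receives 15-minute credentials, and reads the AWSCURRENT version. ROLE_ARN, SECRET_ARN, REGION and the Fake* clients are constructed for the example; how the pipeline authenticates to STS in the first place (the bootstrap identity) is assumed and not decided here. In a real job the fakes are replaced by `boto3.client("sts")` and `boto3.client("secretsmanager", **creds)`.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

# Hypothetical identifiers for this example (not from the original thread).
ROLE_ARN = "arn:aws:iam::123456789012:role/pipeline-secret-reader"
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf"
REGION = "us-east-1"


def least_privilege_policy(secret_arn: str, region: str) -> dict:
    """Permissions policy for the assumed role: read exactly one secret.

    kms:Decrypt matters only when the secret uses a customer-managed KMS key;
    the kms:ViaService condition stops the role using that key for anything
    other than Secrets Manager calls.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": "secretsmanager:GetSecretValue",
             "Resource": secret_arn},
            {"Effect": "Allow",
             "Action": "kms:Decrypt",
             "Resource": "*",
             "Condition": {"StringEquals": {
                 "kms:ViaService": f"secretsmanager.{region}.amazonaws.com"}}},
        ],
    }


def assume_role(sts, role_arn: str, session_name: str, duration: int = 900) -> dict:
    """Swap the pipeline identity for temporary credentials via sts:AssumeRole.

    900 s is the STS minimum; a short lifetime is the point of using a role
    instead of keeping rotating IAM user keys in pipeline variables.
    """
    resp = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name,
                           DurationSeconds=duration)
    c = resp["Credentials"]
    return {"aws_access_key_id": c["AccessKeyId"],
            "aws_secret_access_key": c["SecretAccessKey"],
            "aws_session_token": c["SessionToken"],
            "expiration": c["Expiration"]}


def get_secret(sm, secret_id: str) -> dict:
    """Read the AWSCURRENT version; handle SecretString and SecretBinary."""
    resp = sm.get_secret_value(SecretId=secret_id, VersionStage="AWSCURRENT")
    if "SecretString" in resp:
        raw = resp["SecretString"]
    else:
        raw = base64.b64decode(resp["SecretBinary"]).decode("utf-8")
    return json.loads(raw)  # never log raw; hand parsed fields to the caller


# Constructed stand-ins for the boto3 clients so the flow runs offline.
class FakeSTS:
    def assume_role(self, RoleArn, RoleSessionName, DurationSeconds):
        if RoleArn != ROLE_ARN:
            raise PermissionError("AccessDenied: not authorized to assume role")
        return {"Credentials": {
            "AccessKeyId": "ASIAEXAMPLEKEYID",
            "SecretAccessKey": "example-temporary-secret",
            "SessionToken": "example-session-token",
            "Expiration": datetime.now(timezone.utc) + timedelta(seconds=DurationSeconds)}}


class FakeSecretsManager:
    def __init__(self, aws_access_key_id, aws_secret_access_key, aws_session_token):
        self.token = aws_session_token

    def get_secret_value(self, SecretId, VersionStage):
        # Only the role's session may read, and only the one permitted secret.
        if self.token != "example-session-token" or SecretId != SECRET_ARN:
            raise PermissionError("AccessDeniedException")
        return {"SecretString": json.dumps(
            {"username": "app", "password": "constructed-p4ss"})}  # constructed value


def fetch_secret_via_role(sts, sm_factory, role_arn: str, secret_id: str) -> dict:
    """Pipeline-side flow: assume role, build a client from temp creds, read."""
    creds = assume_role(sts, role_arn, "bitbucket-pipeline")
    client_kwargs = {k: creds[k] for k in
                     ("aws_access_key_id", "aws_secret_access_key", "aws_session_token")}
    return get_secret(sm_factory(**client_kwargs), secret_id)


if __name__ == "__main__":
    secret = fetch_secret_via_role(FakeSTS(), FakeSecretsManager, ROLE_ARN, SECRET_ARN)
    print("fetched fields:", sorted(secret))  # field names only, never values
```

The credentials returned by `assume_role` carry an expiration and are never written to pipeline variables, so the monthly rotation of the bootstrap user's keys (if one is still used) no longer leaks into the job configuration; the only long-lived artefact is the policy, which names a single secret ARN.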

Halyna Berezovska
Atlassian Team
February 4, 2021

@Nandini Vaiyapuri anyway, you will have a connection from AWS to Bitbucket or the opposite, from Bitbucket to AWS.

So you need to protect this communication somehow. If you initiate the connection to Bitbucket from the AWS rotation, we recommend creating appropriately very limited access.

There are limited passwords and tokens; consider among them what exactly you need.

Here are the Bitbucket authentication docs:

https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication

https://bitbucket.org/blog/two-step-verification-is-here

