Hi,
I have a requirement where I am doing a Secrets Manager lookup from AWS using a specific IAM user role. The keys for this IAM user role rotate once a month, so the AWS access key and secret ID keep changing.
How do I assume this role, or how do I access these variables from AWS, without defining the variables as Bitbucket environment variables?
Please note, this is a continuation of ticket BBS-156098, if you need more context.
@Nandini Vaiyapuri thanks for your question.
We have a similar workflow, but this is the responsibility of a Lambda function, the stage of setting values.
You can also retrieve the secrets from the pipeline; it is also isolated. But for that you need a separate user accessing the secrets and permissions for it (or a role if you want; it depends on how you set up the permissions policy).
Also, I would recommend investigating how you encrypt and decrypt such sensitive info, adding double protection, because it is very sensitive info.
Here are the AWS best practices for AWS Secrets Manager: https://docs.aws.amazon.com/secretsmanager/latest/userguide/best-practices.html
Regards, Galyna
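An added example, not part of the thread and not from either participant: a small Python check of the IAM policy attached to the separate user or role the pipeline uses, to confirm it only grants read access to one named secret. The two policies, the account ID, region and secret name are constructed placeholders, and the rule set (read-only actions on a single named secret) is an assumption about what a limited permissions policy should allow here.

```python
# Constructed sample values (placeholders, not from the thread).
SECRET_ARN = "arn:aws:secretsmanager:eu-west-1:111122223333:secret:pipeline/app-config-??????"

# Weak: any Secrets Manager action on any resource.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "secretsmanager:*", "Resource": "*"}],
}
# Scoped: read-only actions on the one secret the pipeline needs.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
        "Resource": SECRET_ARN,
    }],
}

# Assumption: the pipeline identity only ever needs to read the secret.
READ_ONLY = {"secretsmanager:getsecretvalue", "secretsmanager:describesecret"}


def _as_list(value):
    """IAM allows a single string/object where a list is also valid."""
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return findings for Allow statements broader than read access to a named secret."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            lowered = action.lower()  # IAM action names are case-insensitive
            if "*" in lowered:
                findings.append(f"statement {i}: wildcard action {action}")
            elif lowered.startswith("secretsmanager:") and lowered not in READ_ONLY:
                findings.append(f"statement {i}: non-read action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            # Everything after ':secret:' is the secret name plus its random suffix.
            name = resource.split(":secret:", 1)[1] if ":secret:" in resource else ""
            if name in ("", "*"):
                findings.append(f"statement {i}: resource not scoped to one secret: {resource}")
    return findings
```

The check does not evaluate `NotAction`, `NotResource` or `Condition` blocks, so a policy using those still needs a manual review.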
@Nandini Vaiyapuri anyway, you will have a connection from AWS to Bitbucket or the opposite, from Bitbucket to AWS.
So you need to protect this communication somehow. If you initiate the connection with Bitbucket from the AWS rotation, we recommend creating appropriate, very limited access.
There are limited passwords, tokens; consider among them what you need exactly.
Here are the Bitbucket authentication docs:
https://developer.atlassian.com/bitbucket/api/2/reference/meta/authentication