Thomas Step

<- Blog

Interested in learning more about serverless AWS? Check out my Guide to Building with Serverless AWS (only pay what you want)

Using Secrets Manager in CodeBuild with a CloudFormation Template

While I was trying to figure out how to add secrets from AWS Secrets Manager to CodeBuild, I could not seem to find a concrete example of a CloudFormation template that implemented this. While it is not too complicated, I wanted to throw some actual yaml up on the internet in case anyone else was looking for the same thing.

    Type: String
    Description: My secret used in CodeBuild

    Type: 'AWS::SecretsManager::Secret'
      Name: MySecret
      Description: My secret used in CodeBuild
      SecretString: !Sub '${MySecretAsParameter}’
        - Name: “MY_SECRET”
          Type: "SECRETS_MANAGER"
          Value: "MySecret"

In your buildspec file you can use this as you would normally use an environment variable in a bash command: curl -H “Authorization: $MY_SECRET” …. This will keep your secrets in a secure place but still enable you to use them in your pipeline all natively in AWS.

Categories: ops | aws