Add support for AWS SecretsManager as BK token provider #98
Conversation
|
Thanks for this @alloveras! This looks great. Looks like the |
|
Thank you @lox . I absolutely agree about extracting it into a library but I can definitely do that in a separate PR if you guys find it useful 😄 |
|
This should be backwards compatible, right? |
I am pretty sure it is given that all the new code is behind new environment variables so they are opt-in features. The only existing code that I slightly changed is the @lox What do you think ? |
| if err := checkMutuallyExclusiveEnvVars(mutuallyExclusiveEnvVars...); err != nil { | ||
| return nil, err | ||
| } |
There was a problem hiding this comment.
This is maybe a non-backwards compatible part of the code. This is because, if someone is using previous versions and setting both BUILDKITE_AGENT_TOKEN and BUILDKITE_AGENT_TOKEN_SSM_KEY they will now get an error whereas before SSM will take precedence.
There was a problem hiding this comment.
That sounds to me like fixing a bug! :)
|
I reckon let's move the README.md from the token dir into a section of the main README so folks know how to use it, then let's merge this. |
|
Sure, will do that ASAP and submit a new revision :D |
|
Thanks for the contribution @alloveras! |
Intent
To allow retrieving the BK API token from AWS Secrets Manager.
Problem
The current approach is not flexible enough if we want to keep adding different methods to retrieve the BK API token.
Solution
To represent the behaviour of retrieving a BK API token using an interface and provide particular implementations to all the sources we currently support plus a new one for AWS SecretsManager.