[DRIVERS-2585] Use AWS Secrets Manager for AWS-Related Test Secrets Created: 28/Mar/23 Updated: 29/Jan/24 |
|
| Status: | Scheduled |
| Project: | Drivers |
| Component/s: | None |
| Fix Version/s: | None |
| Type: | Epic | Priority: | Unknown |
| Reporter: | Steve Silvester | Assignee: | Noah Stapp |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Driver Changes: | Needed |
| Engineering Lead: | |
| Program Manager: | |
| Scope Cost Estimate: | 0 |
| Cost to Date: | 0 |
| Final Cost Estimate: | 0 |
| Cost Threshold %: | 100 |
| Detailed Project Statuses: | Engineer(s): Noah Stapp 2023-09-15:
2023-09-01:
2023-08-21:
|
| Driver Compliance: | |
| Description |
Summary

We currently have around 20 Evergreen Project variables that are used to populate a ${DRIVERS_TOOLS}/.evergreen/auth_aws/aws_e2e_setup.json file that is used in Drivers Evergreen Tools in test scripts. As part of DRIVERS-2415, we now have a mechanism to store and retrieve variables using AWS Secrets Manager, rather than continuing to grow this list of manually updated variables across all drivers. All members of dbx have access to view and update the secrets using the drivers-test-secrets-role login option in the Drivers AWS account.

This project would move the existing affected Project Variables and create a new wiki page for the maintenance and upkeep of these secrets. There would be a new script created in Drivers Evergreen Tools to create an expansion file used by EG to provide these values as environment variables, which can then be used by the existing scripts instead of loading the values from aws_e2e_setup.json. Drivers would then replace the portion of their Evergreen Config with a block that acquires the appropriate credentials and expands the variables. They would also be able to remove the affected project variables from EG.

Motivation

Adding and updating credentials currently requires the coordination of all of the driver teams, and manual effort. |
| Comments |
| Comment by Githook User [ 29/Jan/24 ] |
|
Author: {'name': 'Steven Silvester', 'email': 'steven.silvester@ieee.org', 'username': 'blink1073'}
Message: DRIVERS-2585 Use AWS Secrets Manager for CSFLE (#390)
---------
Co-authored-by: Kevin Albertson <kevin.albertson@10gen.com> |
| Comment by Githook User [ 01/Sep/23 ] |
|
Author: {'name': 'Steven Silvester', 'email': 'steven.silvester@ieee.org', 'username': 'blink1073'}
Message: DRIVERS-2585 Make the Secrets Access errors more user friendly (#347)
DRIVERS-2585 Make the errors more user friendly |
| Comment by Githook User [ 30/Aug/23 ] |
|
Author: {'name': 'Steven Silvester', 'email': 'steven.silvester@ieee.org', 'username': 'blink1073'}
Message: DRIVERS-2585 Migrate OIDC Secrets Handling (#345) |
| Comment by Githook User [ 14/Aug/23 ] |
|
Author: {'name': 'Noah Stapp', 'email': 'noah.stapp@mongodb.com', 'username': 'NoahStapp'}
Message: DRIVERS-2585 Default to AWS_PROFILE if a profile is not provided (#337) |
| Comment by Githook User [ 08/Aug/23 ] |
|
Author: {'name': 'Noah Stapp', 'email': 'noah.stapp@mongodb.com', 'username': 'NoahStapp'}
Message: DRIVERS-2585 Use AWS Secrets Manager for AWS-Related Test Secrets (#334) |
| Comment by Tom Selander [ 18/Apr/23 ] |
|
Bringing this to triage today since this came up again in Slack for where we store secrets. We should figure out next steps for 1Password even if this ticket doesn't get picked up |