use aws secrets manager for a secure retrieval
izaim authored Mar 30, 2024
1 parent ac3c86e commit adf4106
Showing 1 changed file with 7 additions and 9 deletions.
16 changes: 7 additions & 9 deletions .github/workflows/test_coverage_with_tokens.yml
@@ -42,11 +42,6 @@ jobs:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}

run: |
OUTPUT=$(aws cognito-idp "${{ secrets.COGNITO_INIT }}" --user-pool-id "${{ secrets.COGNITO_USER_POOL_ID }}" --client-id "${{ secrets.COGNITO_CLIENT_ID }}" --auth-flow "${{ secrets.COGNITO_AUTH_FLOW }}" --auth-parameters USERNAME="${{ secrets.COGNITO_USERNAME }}",PASSWORD=${{ secrets.COGNITO_PASSWORD }})
echo ACCESS_TOKEN=$(echo "$OUTPUT" | jq -r '.AuthenticationResult.AccessToken' | sed 's/^"\(.*\)"$/\1/') >> $GITHUB_OUTPUT
echo ID_TOKEN=$(echo "$OUTPUT" | jq -r '.AuthenticationResult.IdToken' | sed 's/^"\(.*\)"$/\1/') >> $GITHUB_OUTPUT

- name: Setup Python
uses: actions/setup-python@v4
@@ -59,13 +54,16 @@ jobs:
- name: Install requirements_dev.txt
run: pip install -r requirements_dev.txt

- name: Retrieve Cognito Tokens from AWS Secrets Manager
run: |
echo "CRIPT_TOKEN=$(aws secretsmanager get-secret-value --secret-id Pipelines_CognitoAccessToken --query SecretString --output text)" >> $GITHUB_ENV
echo "CRIPT_STORAGE_TOKEN=$(aws secretsmanager get-secret-value --secret-id Pipelines_CognitoIdToken --query SecretString --output text)" >> $GITHUB_ENV
- name: Test Coverage
run: pytest tests/api/test_api.py
env:
ACCESS_TOKEN: ${{ steps.cognito-token.outputs.ACCESS_TOKEN }}
ID_TOKEN: ${{ steps.cognito-token.outputs.ID_TOKEN }}
CRIPT_HOST: https://lb-stage.mycriptapp.org/
CRIPT_TOKEN: $ACCESS_TOKEN
CRIPT_STORAGE_TOKEN: $ID_TOKEN
CRIPT_TOKEN: ${{ env.CRIPT_TOKEN }}
CRIPT_STORAGE_TOKEN: ${{ env.CRIPT_STORAGE_TOKEN }}
CRIPT_TESTS: True
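Review bot: The two tokens read in the new `Retrieve Cognito Tokens from AWS Secrets Manager` step are never registered with the runner's log masking, because they are fetched at run time instead of arriving through `secrets.*`; any later output that prints `CRIPT_TOKEN` or `CRIPT_STORAGE_TOKEN` would therefore show them in clear text in the job log. The `$(aws secretsmanager …)` call also sits inside the `echo` argument, so a failed lookup still exits 0 and exports an empty value, and the tests then run with blank tokens. I would read each secret into a shell variable first, emit `::add-mask::` for it, and only then append it to a quoted `"$GITHUB_ENV"`, as sketched below. Writing to `$GITHUB_ENV` also hands both tokens to every later step in the job, and only `Test Coverage` is visible after this one, so confirm nothing else follows that should not see them. The `AWS_*` entries in the first hunk belong to a step that starts outside the visible lines, so it is worth checking that this new step actually has credentials in scope.

```yaml
      - name: Retrieve Cognito Tokens from AWS Secrets Manager
        run: |
          # Assign first so a failed lookup stops the step (runner default is bash -e).
          access_token=$(aws secretsmanager get-secret-value --secret-id Pipelines_CognitoAccessToken --query SecretString --output text)
          id_token=$(aws secretsmanager get-secret-value --secret-id Pipelines_CognitoIdToken --query SecretString --output text)
          # Register the values with log masking before they reach the environment.
          echo "::add-mask::$access_token"
          echo "::add-mask::$id_token"
          echo "CRIPT_TOKEN=$access_token" >> "$GITHUB_ENV"
          echo "CRIPT_STORAGE_TOKEN=$id_token" >> "$GITHUB_ENV"
      # … unchanged: Test Coverage step …
```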
