The plugin needs to be configured with a secret config in order to connect to AWS Secrets Manager.
- GoCD server version v19.6.0 or above
- AWS credentials to access secrets from AWS Secrets Manager
- Copy the file `build/libs/gocd-aws-based-secrets-plugin-VERSION.jar` to the GoCD server under `${GO_SERVER_DIR}/plugins/external` and restart the server.
- The `GO_SERVER_DIR` is usually `/var/lib/go-server` on Linux and `C:\Program Files\Go Server` on Windows.
- Log in to your GoCD server.
- Navigate to Admin > Secret Management.
- Click the ADD button.
- Configure the mandatory fields.

| Field | Required | Description |
| --- | --- | --- |
| Endpoint | true | The AWS service endpoint for the plugin to connect. |
| AccessKey | true | The access key as a part of AWS credentials. |
| SecretAccessKey | true | The secret access key as a part of AWS credentials. |
| Region | true | Region in which AWS secrets manager is hosted. |
| SecretName | true | The name of the secret to be utilized. |
| SecretCacheTTL | false | The secrets cache TTL in milliseconds, defaults to 30 minutes. |

NOTE: The plugin caches secrets for a duration configured using the SecretCacheTTL. Currently GoCD does not provide a way to invalidate the cache. To invalidate the cache, change the SecretCacheTTL and save the SecretConfig.

- Configure the rules where these secrets can be used. The `<rules>` tag defines where this secretConfig is allowed/denied to be referred. For more details about rules and examples, refer to the GoCD Secret Management documentation.
- Save.
- See Define Secret Params for more information.
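
The fields and rules described above, written out as they might appear as a `secretConfig` entry in the GoCD server configuration XML. This is an added example, not taken from the plugin's own documentation: the config id, pipeline group names, secret name and all values are constructed, and `PLUGIN_ID_PLACEHOLDER` stands in for the plugin's real id, which this page does not give.

```xml
<!-- Added example: every id, name and value below is a constructed placeholder. -->
<secretConfigs>
  <secretConfig id="aws-deploy" pluginId="PLUGIN_ID_PLACEHOLDER">
    <description>Deploy credentials read from AWS Secrets Manager</description>
    <configuration>
      <!-- Required fields, named as in the table above -->
      <property>
        <key>Endpoint</key>
        <value>https://secretsmanager.us-east-1.amazonaws.com</value>
      </property>
      <property>
        <key>AccessKey</key>
        <value>ACCESS_KEY_PLACEHOLDER</value>
      </property>
      <property>
        <key>SecretAccessKey</key>
        <value>SECRET_ACCESS_KEY_PLACEHOLDER</value>
      </property>
      <property>
        <key>Region</key>
        <value>us-east-1</value>
      </property>
      <property>
        <key>SecretName</key>
        <value>gocd/deploy</value>
      </property>
      <!-- Optional: cache TTL in milliseconds (300000 ms = 5 minutes) -->
      <property>
        <key>SecretCacheTTL</key>
        <value>300000</value>
      </property>
    </configuration>
    <rules>
      <!-- Pipelines in the "sandbox" group may not refer to this secret config -->
      <deny action="refer" type="pipeline_group">sandbox</deny>
      <!-- Pipelines in the "payments-deploy" group may refer to it -->
      <allow action="refer" type="pipeline_group">payments-deploy</allow>
    </rules>
  </secretConfig>
</secretConfigs>
<!-- A pipeline in an allowed group would then reference a key of the secret
     with a secret param such as {{SECRET:[aws-deploy][db_password]}},
     where "db_password" is a constructed key name. -->
```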