Drone

How drone/amazon-secrets works?

From the official guideline [1] said, it could integrate with AWS secrets management to get secret key, however, I follow the guideline and always failed to get secret keys from AWS.

And I also curious about how it works? because it did not have AWS access and secret key from environment, even I attach an IAM role to it with fully access to AWS secrets management, it still not works, please check following for docker-compose and also .drone.yml, thanks

version: '3'

services:
  drone-server:
    image: drone/drone:1.0.1
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/drone:/data
    restart: always
    environment:
      - DRONE_SERVER_PROTO=http
      - DRONE_SERVER_HOST=drone.example.com
      - DRONE_BITBUCKET_CLIENT_ID=xxx
      - DRONE_BITBUCKET_CLIENT_SECRET=yyy
      - DRONE_RPC_SECRET=zzz
      - DRONE_AGENTS_ENABLED=true
      - DRONE_TLS_AUTOCERT=false
      - DRONE_RUNNER_CAPACITY=5
      - DRONE_LOGS_DEBUG=true

  drone-agent:
    image: drone/agent:1.0.1
    restart: always
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_SERVER=http://drone.example.com
      - DRONE_RPC_SECRET=zz
      - DRONE_RUNNER_NAME=drone-ci
      - DRONE_RUNNER_CAPACITY=5
      - DRONE_SECRET_SECRET=zz
      - DRONE_SECRET_ENDPOINT=http://127.0.0.1:3000

  drone-aws-secrets:
    image: drone/amazon-secrets:latest
    depends_on:
      - drone-server
    ports:
      - 3000:3000
    environment:
      - SECRET_KEY=zz

.drone.yml as following

---
kind: secret
name: region
get:
  path: test/drone
  name: region

---
kind: secret
name: aws_access_key
get:
  path: test/drone
  name: aws_access_key

---
kind: secret
name: aws_secret_key
get:
  path: test/drone
  name: aws_secret_key

kind: pipeline
name: App-golang-builder

platform:
  os: linux
  arch: amd64
 
steps:
  - name: build
    image: golang
    commands:
      - go build 
  - name: upload
    image: plugins/s3
    settings:
      bucket: example.bucket
      region:
        from_secret: region
      access_key:
        from_secret: aws_access_key
      secret_key:
        from_secret: aws_secret_key
      source: hello.go
      target: golang

Thanks

[1] https://docs.drone.io/extend/secrets/amazon/