Class: Chef::SecretFetcher::AWSSecretsManager

Inherits:
Base
  • Object
Defined in:
lib/chef/secret_fetcher/aws_secrets_manager.rb

Instance Attribute Summary

Attributes inherited from Base

#config, #run_context

Instance Method Summary

Methods inherited from Base

#fetch, #initialize

Constructor Details

This class inherits a constructor from Chef::SecretFetcher::Base

Instance Method Details

#do_fetch(identifier, version) ⇒ Object

Returns Aws::SecretsManager::Types::GetSecretValueResponse.

Parameters:

  • identifier (String)

    the secret_id

  • version (String)

    the secret version.

Returns:

  • Aws::SecretsManager::Types::GetSecretValueResponse



# File 'lib/chef/secret_fetcher/aws_secrets_manager.rb', line 57

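def do_fetch(identifier, version)
  # Build the client from the fetcher config (region is set by validate!)
  client = Aws::SecretsManager::Client.new(config)
  # The version argument is passed to the API as version_stage
  result = client.get_secret_value(secret_id: identifier, version_stage: version)
  # These fields are mutually exclusive
  result.secret_string || result.secret_binary
end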

#validate! ⇒ Object



# File 'lib/chef/secret_fetcher/aws_secrets_manager.rb', line 47

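def validate!
  # Resolve the region in order: fetcher config, global Aws.config,
  # then the node's ec2 region attribute
  config[:region] = config[:region] || Aws.config[:region] || run_context.node.dig("ec2", "region")
  # Fail early when no region could be determined
  if config[:region].nil?
    raise Chef::Exceptions::Secret::ConfigurationInvalid.new("Missing required config for AWS secret fetcher: :region")
  end
end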