Integrate with the AWS Parameter Store to pull secrets for safer deployments
Problem to solve
Some users who deploy to AWS do not use environment variables; instead, they pull secrets from the AWS Parameter Store during deployment. It would be nice if we could create a way for them to do this directly from the gitlab-ci.yml file.
Intended users
Further details
AWS CLI
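# Read the decrypted value only (without --query, get-parameters returns the whole JSON response)
value=$(aws ssm get-parameters --names parameter_name --with-decryption --query "Parameters[0].Value" --output text)
aws ssm send-command --document-name AWS-JoinDomain --parameters "password=$value" --instance-ids instance-id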
Proposal
Create a new stand-alone Docker image on top of our AWS CLI image that loads AWS Parameter Store keys as environment variables.
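One way such an image could turn Parameter Store entries into environment variables without ever evaluating their contents, as an added example (not GitLab's implementation and not code from this issue). The function names, the `/myapp/prod/` path and the sample values are assumptions, and values are assumed to be single-line.

```shell
#!/bin/sh
# Added example; params_to_exports and sample_params are hypothetical names.
#
# Intended use inside a job (needs AWS credentials; not run here):
#   eval "$(aws ssm get-parameters-by-path --path /myapp/prod/ --recursive \
#             --with-decryption --query 'Parameters[*].[Name,Value]' \
#             --output text | params_to_exports /myapp/prod/)"
# The generated text contains secrets: eval it, never echo it, and keep
# `set -x` off around it so values do not land in the job log.

# Reads "Name<TAB>Value" lines on stdin and prints one export statement per
# parameter under the given path prefix. The body is a subshell, so its
# variables and LC_ALL do not leak into the caller.
params_to_exports() (
  LC_ALL=C; export LC_ALL
  prefix="${1%/}/"
  tab=$(printf '\t')
  while IFS="$tab" read -r name value; do
    # Only accept parameters under the requested path.
    case "$name" in "$prefix"*) ;; *) continue ;; esac
    # /myapp/prod/db/password -> DB_PASSWORD
    var=$(printf '%s' "${name#"$prefix"}" | tr 'a-z/.-' 'A-Z___')
    # Refuse anything that is not a valid shell identifier.
    case "$var" in
      ''|[0-9]*|*[!A-Z0-9_]*) echo "skipping $name" >&2; continue ;;
    esac
    # Single-quote the value so $(...), backticks and spaces stay literal;
    # an embedded ' becomes '\''.
    quoted=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")
    printf "export %s='%s'\n" "$var" "$quoted"
  done
)

# Constructed sample input in the text-output shape assumed above.
sample_params() {
  printf '/myapp/prod/db/password\t%s\n' "p@ss'w\$(id) rd"
  printf '/myapp/prod/api-key\t%s\n' 'abc123'
  printf '/myapp/prod/9bad\t%s\n' 'x'
  printf '/other/app/token\t%s\n' 'not-ours'
}
```

Of the four constructed entries, only the two valid names under the prefix are exported; the `$(id)` inside the sample password stays a literal string after `eval`.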
Permissions and Security
Documentation
Availability & Testing
What does success look like, and how can we measure that?
What is the type of buyer?
Is this a cross-stage feature?
This falls under the Release stage but can involve Category:Secrets Management under ~"group::release management"
Links / references
- https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-about-examples.html
- https://stp5.net/blog/post/secrets-in-aws/
- https://github.com/aws-samples/aws-net-guides/tree/master/Communications/ParameterStore-Example
- https://circleci.com/orbs/registry/orb/circleci/aws-parameter-store