New JSON Schema for AWS Secretsmanager in GitLab CI

What does this MR do and why?

This commit introduces support for using AWS Secrets Manager as a secrets provider in GitLab CI pipelines. With this change, users can securely fetch secrets stored in AWS Secrets Manager and inject them into their CI jobs, similar to existing integrations with Vault, Azure Key Vault, and GCP Secret Manager.

The integration leverages environment variables and configuration options to authenticate and retrieve secrets, providing a seamless and secure experience for teams using AWS as their secrets backend.

Documentation and examples will be updated to reflect the new configuration options and usage patterns for AWS Secrets Manager.

This has to be done so that GitLab Runner can then work on it, as implemented in: gitlab-runner!5587 (merged)

References

#542345 (closed)

How to set up and validate locally

  1. Enable FF ci_aws_secrets_manager
  2. Configure your .gitlab-ci.yml file with the following example:

```yaml
# Simple configuration example
build-job:
  # Define ID token for OIDC authentication with AWS
  id_tokens:
    MY_TOKEN:
      aud: https://sts.amazonaws.com

  # Define AWS secrets to be retrieved
  secrets:
    DATABASE_PASSWORD:
      aws_secrets_manager: 'your-secret-id#field-name'
      token: $MY_TOKEN
      file: false  # Optional: set to false to store value directly in variable

  # Environment variables (can be set at project/group level)
  variables:
    AWS_REGION: eu-central-1 # required
    AWS_ROLE_ARN: 'arn:aws:iam::123456789123:role/your-role-name' # optional

  stage: build
  script:
    - echo "Accessing secret..."
    - echo "Secret retrieved successfully: $DATABASE_PASSWORD"
```

  3. Since this MR doesn't include the CI YAML schema updates, you'll need to manually apply changes from MR #191905 to your local development environment.

  4. For end-to-end testing, use the associated runner changes MR to see the feature working completely.

  5. Ensure your AWS IAM role has appropriate permissions to access the secrets in AWS Secrets Manager.
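A local pre-check for the job configuration above, added here as an example and not code from this MR, from GitLab or from GitLab Runner: it loads the sample job, verifies that each `aws_secrets_manager` entry has the `secret-id#field` shape, that its `token` names an `id_tokens` entry declared in the same job, that `file` (when present) is a boolean and that `AWS_REGION` is set, and then shows how the `field` part is selected from a JSON `SecretString`. Splitting on the first `#`, accepting both `$TOKEN` and `${TOKEN}` token references, and the JSON shape of the secret value are assumptions of this example, not behaviour documented on this page.

```ruby
require 'yaml'
require 'json'

# Constructed sample: the build-job from the MR description above.
SAMPLE_CI_YAML = <<~YAML
  build-job:
    id_tokens:
      MY_TOKEN:
        aud: https://sts.amazonaws.com
    secrets:
      DATABASE_PASSWORD:
        aws_secrets_manager: 'your-secret-id#field-name'
        token: $MY_TOKEN
        file: false
    variables:
      AWS_REGION: eu-central-1
      AWS_ROLE_ARN: 'arn:aws:iam::123456789123:role/your-role-name'
    stage: build
    script:
      - echo "Accessing secret..."
YAML

# Split 'secret-id#field' into its parts. Assumption: the first '#' separates
# secret id and field, and the field part is optional.
def parse_aws_secret_ref(ref)
  unless ref.is_a?(String) && !ref.empty?
    raise ArgumentError, 'aws_secrets_manager must be a non-empty string'
  end
  secret_id, field = ref.split('#', 2)
  raise ArgumentError, "empty secret id in #{ref.inspect}" if secret_id.empty?
  { secret_id: secret_id, field: (field.nil? || field.empty?) ? nil : field }
end

# Lint one job hash and return a list of error strings (empty when clean).
def lint_aws_secrets(job)
  errors = []
  declared_tokens = (job['id_tokens'] || {}).keys
  saw_aws_secret = false

  (job['secrets'] || {}).each do |name, spec|
    next unless spec.is_a?(Hash) && spec.key?('aws_secrets_manager')
    saw_aws_secret = true

    begin
      parse_aws_secret_ref(spec['aws_secrets_manager'])
    rescue ArgumentError => e
      errors << "#{name}: #{e.message}"
    end

    # Accept "$MY_TOKEN" or "${MY_TOKEN}" and require a matching id_tokens entry.
    token = spec['token'].to_s
    token_name = token.sub(/\A\$\{?/, '').sub(/\}\z/, '')
    unless declared_tokens.include?(token_name)
      errors << "#{name}: token #{token.inspect} does not reference a declared id_token"
    end

    if spec.key?('file') && ![true, false].include?(spec['file'])
      errors << "#{name}: file must be true or false"
    end
  end

  # AWS_REGION is marked required above; project/group variables are not
  # visible to a lint, so only the job-level value is checked here.
  region = (job['variables'] || {})['AWS_REGION'].to_s
  errors << 'AWS_REGION is required' if saw_aws_secret && region.empty?
  errors
end

# Select one field from a JSON SecretString; without a field the whole value is used.
def resolve_secret_value(secret_string, field)
  return secret_string if field.nil?
  data = JSON.parse(secret_string)
  raise KeyError, "field #{field.inspect} not present in secret" unless data.key?(field)
  data.fetch(field)
end

if __FILE__ == $PROGRAM_NAME
  job = YAML.safe_load(SAMPLE_CI_YAML)['build-job']
  problems = lint_aws_secrets(job)
  puts(problems.empty? ? 'build-job: OK' : problems.join("\n"))
  ref = parse_aws_secret_ref(job['secrets']['DATABASE_PASSWORD']['aws_secrets_manager'])
  # Constructed SecretString, standing in for what Secrets Manager would return.
  puts resolve_secret_value('{"field-name":"s3cr3t","username":"app"}', ref[:field])
end
```

The lint deliberately never prints or logs the resolved value in the normal path; the `echo "$DATABASE_PASSWORD"` line in the sample job is fine for a one-off local check but should not survive into a real pipeline, since job logs are retained and readable by anyone with access to the project.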

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Henry Sachs
