Secrets can be read from the AWS Secrets Manager and used within your template as `locals`.
Note: Support for AWS secrets always obtains the latest version of a secret, i.e. the version staged as `AWSCURRENT`. Previous versions of a secret are not supported.
```hcl
aws_secretsmanager(name, key)
```
When `key` is not set (`null` or empty: `""`), `aws_secretsmanager` returns the value of the first key stored in the secret `name`.
You can either use this function in a `locals` block or directly inline where you want to use the value.
```hcl
locals {
  secret = aws_secretsmanager("my_secret", null)
}

source "null" "first-example" {
  communicator = "none"
}

build {
  name    = "my-build-name"
  sources = ["null.first-example"]

  provisioner "shell-local" {
    environment_vars = ["TESTVAR=${build.PackerRunUUID}"]
    inline = ["echo my_secret is '${local.secret}'",
      "echo my_secret using an inline call is '${aws_secretsmanager("my_secret", null)}'."]
  }
}
```
This will load the value stored behind `my_secret` from AWS Secrets Manager.

Single-key secrets and plaintext secrets are retrieved by passing `null` or an empty string (`""`) as the key.
When obtaining secrets that have multiple keys, set `key` to the specific key you would like to fetch. For example, given the following secret with two keys, if `key` is set to `"shell"`, `aws_secretsmanager` returns only that key's value.