"Could not list credentials in Secrets Manager" #324
Labels
bug
Something isn't working
Comments
|
For what it's worth, I noticed there is no Just in case the absence of a |
|
Hey Chris,
Yes.... I removed it to see if that might've been the cause.
Seems not
…On Thu, May 30, 2024 at 4:18 PM Chris Kilding ***@***.***> wrote:
For what it's worth, I noticed there is no Sid on the relevant policy
stanza that the Jenkins plugin would use, i.e. this bit
{
"Effect": "Allow",
"Action": [
"secretsmanager:GetSecretValue",
"secretsmanager:ListSecrets",
"secretsmanager:DescribeSecret"
],
"Resource": "*"
}
Just in case the absence of a Sid causes that policy stanza to be read as
invalid (and therefore ignored by IAM), could you try adding a Sid to it,
and re-running your test scenario to see if the error still happens?
—
Reply to this email directly, view it on GitHub
<#324 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AANF2ZOQMWB4QMTXBMCUKW3ZE6JUBAVCNFSM6AAAAABIRBBKC6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNBQHA4DAOBQHA>
.
You are receiving this because you authored the thread.Message ID:
<jenkinsci/aws-secrets-manager-credentials-provider-plugin/issues/324/2140880808
@github.com>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Jenkins and plugins versions report
Environment
What Operating System are you using (both controller, and any agents involved in the problem)?
Jenkins controller 2.440.3.7 running on CentOS 7.8.2003 x86_64
AWS Secrets Manager Credentials Provider Version1.214.va_0a_d8268d068
Reproduction steps
Installed plugin: AWS Secrets Manager Credentials Provider Version1.214.va_0a_d8268d068
According to the docs, the default configuration should provide authentication to AWS via the instance profile if the server is within EC2 which it is.
The attached instance profile name is: role-deployment-automation-within-ec2
The policy on that profile is:
Expected Results
AWS Secrets appear in jenkins credential store
Actual Results
Repeated occurrances of:
May 30, 2024 8:42:40 AM WARNING io.jenkins.plugins.credentials.secretsmanager.AwsCredentialsProvider getCredentials
Could not list credentials in Secrets Manager: message=[Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: You must specify a value for roleArn and roleSessionName, com.amazonaws.auth.profile.ProfileCredentialsProvider@9279de4: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@22deced1: Unable to load credentials. Access key or secret key are null.]]
Anything else?
No response
Are you interested in contributing a fix?
No response
The text was updated successfully, but these errors were encountered: