Error while creating an AWS Secrets Manager secret #82

@jonatasbaldin

Hi there!

Describe the bug:
Not able to create an AWS Secrets Manager secret, got the error:

2020-11-11T12:27:47.7662466Z E1111 12:27:47.765945       1 controller.go:117] controllers/ExternalSecret "msg"="error while reconciling ExternalSecret" "error"="cannot get ExternalSecret data from store: name \"mySecret\": error getting secret value: unknown endpoint, could not resolve endpoint, partition: \"all partitions\", service: \"secretsmanager\", region: \"eu-central-1\"" "externalsecret"={"Namespace":"default","Name":"test-one"}

The following resources were created:

apiVersion: secret-manager.itscontained.io/v1alpha1
kind: SecretStore
metadata:
  name: aws-secret-store
spec:
  aws:
    authSecretRef:
      accessKeyID:
        key: access-key
        name: aws-key
      secretAccessKey:
        key: secret-key
        name: aws-key
---
apiVersion: secret-manager.itscontained.io/v1alpha1
kind: ExternalSecret
metadata:
  name: test-one
spec:
  data:
  - remoteRef:
      name: mySecret
      property: key1
    secretKey: key1
  storeRef:
    name: aws-secret-store

The Secret used to authenticate on AWS is as follows:

apiVersion: v1
kind: Secret
metadata:
  name: aws-key
data:
  access-key: <redacted>
  secret-key: <redacted>
type: Opaque

The AWS Secrets Manager has the following secret:

$ aws secretsmanager get-secret-value --secret-id mySecret --region eu-central-1

{
    "ARN": "redacted",
    "Name": "mySecret",
    "VersionId": "35645498-8b3a-42bb-9e81-075807822659",
    "SecretString": "{\"key1\":\"value1\"}",
    "VersionStages": [
        "AWSCURRENT"
    ],
    "CreatedDate": "2020-11-10T14:35:03.762000+01:00"
}

I also used the Administrator user in the AWS authentication to eliminate any possible permission errors.

Expected behavior
Generate a new Secret with the information from AWS Secrets Manager.

Steps to reproduce the bug:

  • Install secret-manager via Helm
  • Create the resources above and watch the controller logs

Environment details:

  • Kubernetes version (e.g. v1.18.9): v1.17.0 (Kind)
  • Secret-Manager version (e.g. v0.2.0): v0.3.0
  • SecretStore type (e.g. Vault vs AWS SecretManager): AWS Secret Manager
  • Install method (e.g. helm or static manifests): Listed above

/kind bug
