Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Can a credential:get() reference a Runtime Parameter or Runtime Property?

The problem I am trying to solve is providing credentials to a Pipeline running in two logical environments within the same AWS account (let's say: a "Dev" and a "Test"). I want to have a secret in SecretsManager that gives the value for a Dev credential and another secret that gives the equivalent value for the corresponding Test credential. If the credential:get() uses a hard-coded secret name then I'm stuck with using the same value for both, but it's not clear if this is actually the case.

The documentation for credential:get() states:

"the function must be the only value defined in the property. For example, you cannot include another function or a literal value along with the credential function."

It is not clear from this whether the parameters to credential:get() can reference either a Runtime Parameter or else a Runtime Property via a nested runtime:conf() call.

For example, if a Pipeline has a Runtime Parameter called "EnvironmentSpecificSecretParam", should the following work?

${credential:get("aws", "devops", EnvironmentSpecificSecretParam)}

Similarly, if there is a Runtime Property called "EnvironmentSpecificSecretProp", should the following work?

${credential:get("aws", "devops", runtime:conf('EnvironmentSpecificSecretProp')}