This component deploys a SecretManagerClient Java CLI tool that other components can use to retrieve secrets that have been synchronized locally to the Greengrass core via the aws.greengrass.SecretManager component.
This component does not perform any processing on its own; it only deploys the executable. Invoke the executable from another component that you have made dependent on aws.greengrass.labs.SecretsManagerClient by executing:

```
java -jar {aws.greengrass.labs.SecretsManagerClient:artifacts:path}/secrets.jar <secretId>
```
To allow the component using the SecretManagerClient to access the secret, you need to add an accessControl section in the recipe of the component that is using the SecretsManagerClient (see the Retrieve Secret Values documentation for the authorization policy format).
Add the necessary authorization policies to the Greengrass Token Exchange Role as explained in the SecretsManager component requirements.
For example, the recipe of a component using SecretsManagerClient would look like:

```yaml
RecipeFormatVersion: 2020-01-25
...
ComponentDependencies:
  aws.greengrass.labs.SecretsManagerClient:
    VersionRequirement: ">0.0.0"
ComponentConfiguration:
  DefaultConfiguration:
    username: "test"
    accessControl:
      aws.greengrass.SecretManager:
        auth-1:
          operations:
            - aws.greengrass#GetSecretValue
          resources:
            - "*"   # every secret on this core; list specific secret ARNs to restrict access
Manifests:
  - Lifecycle:
      Startup:
        Script: |-
          # Use a dedicated variable name: PWD is the shell's working-directory
          # variable and is normally exported to child processes.
          SECRET=$(java -jar {aws.greengrass.labs.SecretsManagerClient:artifacts:path}/secrets.jar aws.greengrass.labs.nodered/{configuration:/username})
          ...
```

Finally, you'll need to explicitly add the aws.greengrass.SecretManager component to the deployment in order to configure the cloudSecrets resources.
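
The recipe above assigns the CLI output directly to a shell variable, so a denied or failed lookup leaves that variable empty and the script keeps running. The wrapper below is an added example, not code from this component: it validates the secret id and fails closed on a non-zero exit or empty output. It assumes the CLI prints the secret on stdout and exits non-zero on error; `get_secret` and `SECRETS_CMD` are hypothetical names.

```shell
#!/bin/sh
# Added example (not part of the component): fail-closed secret lookup for a lifecycle script.
# Assumptions: the CLI prints the secret on stdout and exits non-zero on failure.

# SECRETS_CMD is a hypothetical hook naming the command to run. In a recipe it would be
#   java -jar {aws.greengrass.labs.SecretsManagerClient:artifacts:path}/secrets.jar
: "${SECRETS_CMD:=java -jar ./secrets.jar}"

# get_secret <secretId>: print the secret, or return non-zero without printing anything.
get_secret() {
    # Accept only characters valid in a Secrets Manager name (plus ':' for ARNs), since
    # the id may be built from deployment configuration such as {configuration:/username}.
    case $1 in
        '' | *[!A-Za-z0-9/_+=.@:-]*)
            echo "get_secret: rejected secret id" >&2
            return 2 ;;
    esac

    # Word splitting of SECRETS_CMD is intentional (command plus fixed arguments).
    # stderr is left alone so errors reach the calling component's log.
    _gs_value=$($SECRETS_CMD "$1") || {
        echo "get_secret: lookup failed for '$1'" >&2
        return 1
    }

    # An empty result is treated as failure so callers never continue with a blank credential.
    if [ -z "$_gs_value" ]; then
        echo "get_secret: empty value for '$1'" >&2
        return 1
    fi

    printf '%s' "$_gs_value"
    unset _gs_value
}

# Usage in a lifecycle script (stop the component instead of starting without the secret):
#   SECRET=$(get_secret "aws.greengrass.labs.nodered/test") || exit 1
```
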
To install this component, follow the instructions in BUILD.md.
This component has the following versions:
- 1.0.0
This component is a generic component. The Greengrass nucleus runs the component's lifecycle scripts.
For more information, see component types.
This component does not have any additional requirements to Greengrass Nucleus.
When you deploy a component, AWS IoT Greengrass also deploys compatible versions of its dependencies. This means that you must meet the requirements for the component and all of its dependencies to successfully deploy the component. This section lists the dependencies for the released versions of this component and the semantic version constraints that define the component versions for each dependency. You can also view the dependencies for each version of the component in the AWS IoT Greengrass console. On the component details page, look for the Dependencies list.
Dependency | Compatible versions | Dependency type |
---|---|---|
Secret Manager | >=0.0.0 <3.0.0 | Soft |
This component does not have any configuration.
This component does not generate any logs. You can find log entries in the log file of the component using it.
The following table describes the changes in each version of the component.
Version | Changes |
---|---|
1.0.0 | Initial version |