Terraform

How can you manage secrets/credentials in CI/CD?

Difficulty: unrated

Source: bregman-arie/devops-exercises by Arie Bregman

Answer

That very much depends on the CI/CD system/platform you are using.

  • GitHub Actions: use OpenID Connect (OIDC) to establish a trust relationship with your provider, so the workflow exchanges a short-lived token issued by GitHub for provider credentials instead of storing long-lived access keys as repository secrets. You can then specify the following step in your GitHub Actions workflow:

      - uses: aws-actions/configure-aws-credentials@v1
        with:
          role-to-assume: arn:aws:iam::<ACCOUNT_ID>:role/someIamRole
          aws-region: ...

  • Jenkins: if Jenkins runs on the provider, you can use the provider's access entities (roles, policies, ...) to grant the instance on which Jenkins is running the access it needs, rather than storing static credentials inside Jenkins.
  • CircleCI: you can use a CircleCI Context (a named, access-controlled set of environment variables shared across projects) and then reference it in your CircleCI config file:

      context:
        - some-context
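The GitHub Actions snippet above only works if the job is allowed to request an OIDC token, which is the part most people miss. The following is an added example workflow (not part of the original answer or of the devops-exercises repository) showing the complete picture: the `permissions` block that enables the token exchange, the credentials step, and a step that confirms which identity was actually assumed. The account ID, role name, region and action versions are assumptions and placeholders.

```yaml
# Added example: GitHub Actions workflow authenticating to AWS via OIDC.
# No AWS access keys are stored as repository secrets; the job trades a
# GitHub-issued OIDC token for short-lived STS credentials.
name: deploy

on:
  push:
    branches: [main]

# Least privilege for the token itself: id-token is the only elevated scope,
# everything not listed here is left at "none".
permissions:
  id-token: write   # required, otherwise configure-aws-credentials cannot obtain a token
  contents: read    # checkout needs read access to the repository

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Configure AWS credentials via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholder account ID and role name (assumptions, not real values)
          role-to-assume: arn:aws:iam::123456789012:role/github-deploy-role
          aws-region: us-east-1
          # Session name shows up in CloudTrail, making runs attributable
          role-session-name: gha-${{ github.run_id }}

      - name: Verify the assumed identity
        # Prints the role ARN the job is running as; a mismatch here means the
        # trust policy or role-to-assume is wrong before any deploy step runs.
        run: aws sts get-caller-identity
```

Two caveats on the AWS side: the role's trust policy must allow `sts:AssumeRoleWithWebIdentity` from the GitHub OIDC provider with the `token.actions.githubusercontent.com:aud` claim equal to `sts.amazonaws.com`, and it should restrict the `token.actions.githubusercontent.com:sub` claim to the specific repository and branch or environment (for example `repo:<org>/<repo>:ref:refs/heads/main`); a trust policy that only checks the audience lets any GitHub repository assume the role. Each successful exchange appears in CloudTrail as an `AssumeRoleWithWebIdentity` event carrying the session name, which is what you would alert on if a role is assumed from an unexpected repository.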