From b7128567572fa7ea91e61bda5976e7befa3ab740 Mon Sep 17 00:00:00 2001 From: Josh Kodroff Date: Wed, 16 Apr 2025 20:25:32 -0400 Subject: [PATCH] Add example for aws-secrets to show kv pairs. --- .../dynamic-secrets/aws-secrets.md | 31 ++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/content/docs/esc/integrations/dynamic-secrets/aws-secrets.md b/content/docs/esc/integrations/dynamic-secrets/aws-secrets.md index d2202ff73240..fba0c5e281cd 100644 --- a/content/docs/esc/integrations/dynamic-secrets/aws-secrets.md +++ b/content/docs/esc/integrations/dynamic-secrets/aws-secrets.md @@ -15,7 +15,9 @@ aliases: The `aws-secrets` provider enables you to dynamically import Secrets from AWS Secrets Manager into your Environment. The provider will return a map of names to Secrets. -## Example +## Example: Plain-Text Secrets + +The following example demonstrates how to retrieve plain-text (i.e., scalar value) secrets from AWS Secrets Manager: ```yaml values: 
@@ -37,6 +39,33 @@ values: secretId: app-secret ``` +## Example: Key/Value Pair Secrets + +The following example demonstrates how to retrieve key/value pair (i.e. JSON) secrets from AWS Secrets Manager and map them to Pulumi IaC configuration values: + +```yaml +values: + aws: + login: + fn::open::aws-login: + oidc: + roleArn: arn:aws:iam::123456789:role/esc-oidc + sessionName: pulumi-environments-session + secrets: + fn::open::aws-secrets: + region: us-west-1 + login: ${aws.login} + get: + db-creds: + secretId: prod-db + secrets-unpacked: + db-creds: + fn::fromJSON: ${aws.secrets.my-secret} + pulumiConfig: + dbUserName: ${aws.secrets-unpacked.db-creds.userName} + dbPassword: ${aws.secrets-unpacked.db-creds.password} +``` + ## Configuring OIDC To learn how to configure OpenID Connect (OIDC) between Pulumi Cloud and AWS, see [Configuring OpenID Connect for AWS](/docs/pulumi-cloud/oidc/provider/aws/). Once you have completed these steps, you can validate that your configuration is working by running either of the following:
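
Review bot: In the first hunk, renaming `## Example` to `## Example: Plain-Text Secrets` changes the anchor generated for that heading, so any existing link to the old `#example` fragment on this page will stop resolving; check for inbound links before merging. The new intro sentence also writes "(i.e., scalar value)" with a comma, while the second hunk writes "(i.e. JSON)" without one; use the same form in both.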
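
Review bot: In the second hunk (Key/Value Pair Secrets), `fn::fromJSON: ${aws.secrets.my-secret}` references a key the example never defines: the `get` block fetches only `db-creds` (`secretId: prod-db`), so the interpolation should read `${aws.secrets.db-creds}`. A reader who copies the example as written gets a reference that points at nothing in the environment. It would also help to state the JSON shape expected in `prod-db` (keys `userName` and `password`), since the `pulumiConfig` entries depend on those exact names.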