This folder has a script that can be used to access the drivers AWS vaults. See the "Using AWS Secrets Manager to Store Testing Secrets" wiki page for more information.

Many of the sibling folders like csfle have their own setup-secrets.sh script that should be used
to ensure the proper secrets are written to that folder for local usage.

NOTE: Add secrets-export.sh to your .gitignore to avoid checking credentials into your repo,
since some of the scripts (including csfle) will copy secrets-export.sh to your repo.
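
The NOTE above, turned into a check that can run from a pre-commit hook or CI step. This is an added example, not one of this folder's scripts; the function name and the `nested/` probe path are assumptions, the latter covering the case where a copy lands in a subdirectory.

```shell
#!/usr/bin/env bash
# Added example (not one of this folder's scripts): refuse to proceed when
# secrets-export.sh could be, or already is, committed.

# check_secrets_export [REPO_DIR]
#   0 = the name is ignored and no copy is in the index
#   1 = a copy is tracked/staged, or an ignore rule is missing
#   2 = REPO_DIR is not a git work tree
check_secrets_export() {
  local repo="${1:-.}" status=0 tracked probe

  git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 2

  # Copies already in the index (committed or staged), at any depth.
  tracked=$(git -C "$repo" ls-files | grep -E '(^|/)secrets-export\.sh$' || true)
  if [ -n "$tracked" ]; then
    echo 'in the index; remove with "git rm --cached":' >&2
    printf '  %s\n' "$tracked" >&2
    status=1
  fi

  # Ignore rules are tested with --no-index so that an already-tracked file
  # cannot hide a missing rule. The nested/ path is a hypothetical probe: an
  # anchored rule such as "/secrets-export.sh" would not cover it.
  for probe in secrets-export.sh nested/secrets-export.sh; do
    if ! git -C "$repo" check-ignore -q --no-index -- "$probe"; then
      printf 'no ignore rule covers %s\n' "$probe" >&2
      status=1
    fi
  done

  return "$status"
}
```

Call `check_secrets_export "$(git rev-parse --show-toplevel)"` from the hook and abort the commit on a non-zero return.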

The setup-secrets.sh script in this folder can be used for other vaults such as drivers/enterprise_auth or
drivers/atlas_connect. A full list of vaults and their usages is as follows:

| Vault | Usage |
|---|---|
| drivers/adl | Used in atlas_data_lake for Atlas Data Lake testing. |
| drivers/atlas | Can be manually used in conjunction with atlas to launch an atlas cluster in the prod environment. |
| drivers/atlas-dev | Used in atlas to launch an atlas cluster in the dev environment. |
| drivers/atlas-qa | Used in atlas to launch an atlas cluster in the qa environment. |
| drivers/atlas_connect | Has the URIs used in the Atlas Connect Drivers tests. |
| drivers/aws_auth | Used in auth_aws for AWS Auth testing. |
| drivers/azurekms | Used in csfle/azurekms for Azure KMS testing. |
| drivers/azure_oidc | Used in auth_oidc/azure for OIDC Testing on Azure. |
| drivers/comment-bot | Used in github_app for the DBX Comment bot. |
| drivers/csfle | Used in csfle for encryption related tests. |
| drivers/enterprise_auth | Has the creds needed for Enterprise Auth testing. |
| drivers/gcpkms | Used in csfle/gcpkms for GCP KMS testing. |
| drivers/gcpoidc | Used in auth_oidc/gcp for OIDC Testing on GCP. |
| drivers/oidc | Used in oidc for OIDC Auth testing. |
| drivers/serverless | Used in serverless for serverless testing. |
| drivers/serverless_next | Used in serverless for serverless proxy testing. |

First assume the secrets role, and then pass the assumed credentials to a script that will need to access the secrets.

```yaml
# Obtain temporary credentials for the secrets role.
- command: ec2.assume_role
  params:
    role_arn: ${aws_test_secrets_role}
# Pass only the assumed-role credentials into the script's environment.
- command: subprocess.exec
  params:
    working_dir: src
    binary: bash
    include_expansions_in_env: [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN]
    args:
      - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-secrets.sh
```

Use the form above when calling one of the convenience scripts in one of the subfolders, or the following to use the script in this directory:

```yaml
- command: ec2.assume_role
  params:
    role_arn: ${aws_test_secrets_role}
- command: subprocess.exec
  params:
    working_dir: src
    binary: bash
    include_expansions_in_env: [AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN]
    args:
      - -c
      # The vault name is passed as the script's argument.
      - ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth
```

Define AWS_PROFILE according to the wiki instructions for "Setting up Local AWS Credentials".
If your credentials have expired, run the following to refresh:

```bash
aws sso login --profile $AWS_PROFILE
```

Now you can call any of the setup-secrets.sh scripts locally.