Drone Integration with the AWS Secrets Manager

Today Drone.io, the leading open source cloud native continuous integration (CI) and continuous delivery (CD) platform, is announcing the official integration with the AWS Secret Manager secret manager which secures, stores, and tightly controls access to tokens, passwords, certificates, API keys, and other secrets in modern computing. This integration allows you to securely share secrets stored in AWS with your deployment pipelines.

Get Started using Drone with AWS Secrets

Get started by installing the 0.9 technology preview and by installing the Amazon plugin. Once installed, the first step is to create a secret resource (below). For demonstration purposes, lets store our Docker registry credentials, used to publish images to Dockerhub.

AWS Secret Create

Note that you can use the X-Drone-Repos and X-Drone-Events annotations to limit which repositories and pipeline events have access to these secrets (above). Next you will need to name your secret (below).

Kubernetes Secret Info

The final step is to reference the secrets in your .drone.yml configuration file, in the secrets section. In the below example, the secret is referenced as prod/docker#username, where prod/docker is the name of the secret, and username is the secret key.

kind: pipeline
name: default

steps:
- name: publish
  image: plugins/docker
  settings:
    repo: octocat/server
    username:
      $secret: username
    password:
      $secret: password

---
kind: secret
type: external

data:
  username: prod/docker#username
  password: prod/docker#password

Drone is modern CI/CD. Container-native and available via open source and an enterprise on-prem edition. Try it today.