You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To enable tessera to use AWS Secrets Manager, we need to configure 3 environment variables namely - AWS_REGION, AWS_SECRET_ACCESS_KEY& AWS_ACCESS_KEY_ID. But if an organisation has restricted to get only AWS_REGION & AWS_ACCESS_KEY_ID from AWS environment. Instead of AWS_SECRET_ACCESS_KEY, we have IAM role. Hope this would be best practice too for security reasons.
Now, the question is how to use IAM role instead of AWS_SECRET_ACCESS_KEY to enable tessera to use AWS Secrets Manager?
Suggestion from devops - @techiegk are you able to see if the below suggestion works for you?
It is possible that if the environment variables are not configured and instance role attached to the EC2 instance has correct permissions, AWS api library will do the work to make use of the instance role.
Someone would need to test this and confirm to be sure. Update in documentation would also be nice I believe.
To enable tessera to use AWS Secrets Manager, we need to configure 3 environment variables namely - AWS_REGION, AWS_SECRET_ACCESS_KEY& AWS_ACCESS_KEY_ID. But if an organisation has restricted to get only AWS_REGION & AWS_ACCESS_KEY_ID from AWS environment. Instead of AWS_SECRET_ACCESS_KEY, we have IAM role. Hope this would be best practice too for security reasons.
Now, the question is how to use IAM role instead of AWS_SECRET_ACCESS_KEY to enable tessera to use AWS Secrets Manager?
https://docs.tessera.consensys.net/en/stable/HowTo/Configure/KeyVault/AWS-Secrets-Manager/
The text was updated successfully, but these errors were encountered: