(@aws-cdk/aws-codepipeline-actions): Github Access Token / Secrets Manager not updating
Recently we’ve had to update our personal access tokens for Github and we’ve had some CodePipelines set up through the CDK to use this through `@aws-cdk/aws-codepipeline-actions.GitHubSourceAction`.
After updating the secret in Secrets Manager through the console, all pipelines fail to build from Github as the previous token has been revoked. Re-deploying the CDK doesn’t do anything as technically nothing’s changed in there.
Reproduction Steps
- Create a Personal Access token in Github
- Save that PAT in Secrets Manager under `/github/pipeline-token`
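- Create a CodePipeline using CDK with the following source

```ts
import { SecretValue } from '@aws-cdk/core';
import { Artifact } from '@aws-cdk/aws-codepipeline';
import { GitHubSourceAction } from '@aws-cdk/aws-codepipeline-actions';

const sourceOutput = new Artifact();
const sourceAction = new GitHubSourceAction({
  actionName: 'GithubSource',
  owner: 'repo-owner',
  repo: 'repo-name',
  branch, // branch name variable, not shown in the report
  // The token is referenced by its secret name in Secrets Manager
  oauthToken: SecretValue.secretsManager('/github/pipeline-token'),
  output: sourceOutput,
});
```
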
- Run it once, it should run as expected
- Re-generate the PAT in Github and update the value in Secrets Manager
- Now do a release in the Pipeline and it will fail as the token no longer works
What did you expect to happen?
It should automatically get the latest version from SecretsManager
What actually happened?
It does not get the latest token version from SecretsManager
Environment
- CDK CLI Version : 1.97.0
- Framework Version:
- Node.js Version: 12.20.1
- OS : Ubuntu 20
- Language (Version): TypeScript (4.2.3)
Other
This is 🐛 Bug Report
Issue Analytics
- State:
- Created 2 years ago
- Comments:5 (2 by maintainers)
Top GitHub Comments
Yea fair enough. I think at a minimum, maybe just state it as a limitation in the docs?
Hi @skinny85,
That didn’t seem to work. I did get it to update by doing the following: