Hi all.
I’ve been trying to restrict the runner's secret selection by adding the environment config named SECRETS_SELECTION to: /srv/dataops-runner-abcd-latest/config/config.toml
The configuration setting is: environment = ["SECRETS_SELECTION=dataops/abcd"]
In the DataOps.live project the variables.yaml file is set to ask for secrets:
SECRETS_MANAGER: AWS_PARAMETER_STORE
SECRETS_SELECTION: /dataops/xxxx/SNOWFLAKE/SOLE/
SECRETS_STRIP_PREFIX: /dataops/xxxx/
But when I trigger a pipeline that uses the restricted runner, the pipeline can still access the secrets XXXX.
What am I doing wrong?
Many thanks.
Dave.
Best answer by Traycho Milev