This folder has a script that can be used to access the drivers' AWS Vaults. See the "Using AWS Secrets Manager to Store Testing Secrets" wiki page for more information.
Many of the sibling folders like `csfle` have their own `setup-secrets.sh` script that should be used to ensure the proper secrets are written to that folder for local usage.
NOTE: Add `secrets-export.sh` to your `.gitignore` to prevent checking in credentials in your repo, since some of the scripts (including `csfle`) will copy the `secrets-export.sh` to your repo.
The `setup-secrets.sh` script in this folder can be used for other vaults such as `drivers/enterprise_auth` or `drivers/atlas_connect`. A full list of vaults and their usages is as follows:

Vault | Usage |
---|---|
drivers/adl | Used in atlas_data_lake for Atlas Data Lake testing. |
drivers/atlas | Can be manually used in conjunction with atlas to launch an atlas cluster in the prod environment. |
drivers/atlas-dev | Used in atlas to launch an atlas cluster in the dev environment. |
drivers/atlas_connect | Has the URIs used in the Atlas Connect Drivers tests. |
drivers/aws_auth | Used in auth_aws for AWS Auth testing. |
drivers/azurekms | Used in csfle/azurekms for Azure KMS testing. |
drivers/azure_oidc | Used in auth_oidc/azure for OIDC Testing on Azure. |
drivers/comment-bot | Used in github_app for the DBX Comment bot. |
drivers/csfle | Used in csfle for encryption related tests. |
drivers/enterprise_auth | Has the creds needed for Enterprise Auth testing. |
drivers/gcpkms | Used in csfle/gcpkms for GCP KMS testing. |
drivers/gcpoidc | Used in auth_oidc/gcp for OIDC Testing on GCP. |
drivers/oidc | Used in oidc for OIDC Auth testing. |
drivers/serverless | Used in serverless for serverless testing. |
drivers/serverless_next | Used in serverless for serverless proxy testing. |

If using a Linux host on Evergreen, the shorthand version of the script can be used to get the credentials, e.g.

```yaml
- command: subprocess.exec
  params:
    working_dir: src
    binary: bash
    args:
      - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-secrets.sh
```

The example above uses one of the convenience scripts in one of the subfolders. Use the following to call the script in this directory:

```yaml
- command: subprocess.exec
  params:
    working_dir: src
    binary: bash
    args:
      - -c
      - ${DRIVERS_TOOLS}/.evergreen/secrets_handling/setup-secrets.sh drivers/enterprise_auth
```

If using other hosts, the following form should be used:

```yaml
- command: ec2.assume_role
  params:
    role_arn: ${aws_test_secrets_role}
- command: subprocess.exec
  params:
    working_dir: src
    binary: bash
    include_expansions_in_env: ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN"]
    args:
      - ${DRIVERS_TOOLS}/.evergreen/atlas/setup-secrets.sh
```

Define `AWS_PROFILE` according to the Wiki instructions for "Setting up Local AWS Credentials".
If your credentials have expired, run the following to refresh:

```bash
aws sso login --profile $AWS_PROFILE
```

Now you can call any of the `setup-secrets.sh` scripts locally.
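
One way to verify the `.gitignore` NOTE above after a local run, as an added example that is not part of drivers-evergreen-tools: it reports any `secrets-export.sh` that is already tracked (where `.gitignore` no longer helps) or that no ignore rule covers. The function name `check_secrets_export_ignored` is hypothetical, and `git` is assumed to be on `PATH`.

```shell
# Added example, not part of drivers-evergreen-tools.
# check_secrets_export_ignored is a hypothetical helper name.
# Usage: check_secrets_export_ignored /path/to/your/repo
# Returns 0 if no secrets-export.sh is tracked or committable,
#         1 if one is exposed, 2 if the path is not a git work tree.
check_secrets_export_ignored() {
  repo="${1:-.}"
  rc=0

  if ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    echo "not a git work tree: $repo" >&2
    return 2
  fi

  # Already in the index: .gitignore has no effect on tracked files.
  tracked=$(git -C "$repo" ls-files -- \
    'secrets-export.sh' '*/secrets-export.sh')
  if [ -n "$tracked" ]; then
    printf 'TRACKED (untrack with "git rm --cached"):\n%s\n' "$tracked" >&2
    rc=1
  fi

  # On disk, untracked, and matched by no ignore rule: "git add ." takes it.
  exposed=$(git -C "$repo" ls-files --others --exclude-standard -- \
    'secrets-export.sh' '*/secrets-export.sh')
  if [ -n "$exposed" ]; then
    printf 'NOT IGNORED (add secrets-export.sh to .gitignore):\n%s\n' \
      "$exposed" >&2
    rc=1
  fi

  return "$rc"
}
```

Calling it from a pre-commit hook or a CI lint step makes the check automatic instead of relying on each contributor's `.gitignore`.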