dataday dataday

Credentials Management

This guide describes setting out a credential storage mechanism that is shared between the root account, aka releasr, and jenkins account. It intends to support and persist access credentials that are needed when authenticating with external services, primarily Docker Hub, for users wishing to access remote Docker images as part of their containerised services.

The following diagram aims to describe the control flow this setup intends to support.

This guide is a first, and a tad complicated sorry, pass at setting this up. It got us over the line for a couple of uses cases as well as working with automated build jobs.

	#!/usr/bin/env bash
	## A wrapper to assume a specified role via AWS Security Token Service (STS)
	#
	# Access to some AWS services can require specific role privileges in order to work
	# The script requests and returns the AWS credentials needed to perform certain tasks by assuming a specified role
	# The script interacts with AWS Security Token Service (STS) in order to assume the desired role
	#
	# The following command could be used if you wanted to assume the JenkinsAutomationRole to query AWS services
	# Please note not all options are required as it will depend on the environment the script is invoked against
	#

	#!/usr/bin/env python
	import argparse
	import logging
	import requests
	import math
	import os
	import re
	import sys
	from retry.api import retry_call
	from urllib.parse import urlparse

	#!/usr/bin/env bash

	# description: This script provides the ability to remove the top 5 heavy references from projects
	# author: dataday
	# version: 0.1.0

	# defaults
	EXEC=$(realpath -L "${0#./}")
	EXEC_BASE="${EXEC%/*}"
	EXEC_NAME=$(basename "$EXEC")