I am trying to get the secret from AWS as follows:

```python
import boto3
import os

mysql_secret = os.environ['MYSQL_SECRET']


def get_secret():
    region_name = "us-west-2"
    # Create a Secrets Manager client
    session = boto3.session.Session()
    client = session.client(
        service_name='secretsmanager',
        region_name=region_name
    )
    get_secret_value_response = client.get_secret_value(SecretId=mysql_secret)
    # Decrypts secret using the associated KMS key.
    secret = get_secret_value_response['SecretString']
    return secret


secret = get_secret()
```
With this Dockerfile:

```dockerfile
# Top level build args
ARG build_for=linux/arm64/v8
FROM --platform=$build_for python:3.11.4-bullseye as base
# Set docker basics
VOLUME /usr/app
ARG MYSQL_SECRET='mysql_secret'
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY='some_key'
ARG AWS_DEFAULT_REGION='us-west-2'
ARG AWS_SECURITY_TOKEN='some_token'
RUN apt-get update -y
RUN apt-get install libpq-dev -y
RUN apt-get install default-libmysqlclient-dev -y
RUN apt-get install pkg-config -y
RUN python -m pip install boto3
COPY ./test.py /usr/app/test.py
RUN python /usr/app/test.py
```
I looked around for a while and tried adding

```dockerfile
ENV AWS_CONFIG_FILE=/root/.aws/config
ENV AWS_SDK_LOAD_CONFIG=1
```

to the Dockerfile.
I tried passing the credentials directly, as follows:

```shell
docker build . -t test:0.1 \
  --build-arg AWS_ACCESS_KEY_ID=${access_key_here} \
  --build-arg AWS_SECRET_ACCESS_KEY=${secret_key_here} \
  --build-arg AWS_DEFAULT_REGION=${us-west-2} \
  --build-arg AWS_SECURITY_TOKEN=${token_here}
```

Nothing seems to work.
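Update: I added

```dockerfile
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY='some_key'
ARG AWS_DEFAULT_REGION='us-west-2'
ARG AWS_SECURITY_TOKEN='some_token'
```

hardcoding 3 of the 4 arguments and leaving out AWS_ACCESS_KEY_ID, as suggested by Vasyl Herman.

Then I tried running

```shell
docker build . -t test:0.1 --build-arg AWS_ACCESS_KEY_ID=${some_key}
```

but I still get the same error, even though it works when the access key is hardcoded as well.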
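If I hardcode the access key but leave out the secret key, I get a different error when running the following:

```shell
docker build . -t test:0.1 --build-arg AWS_SECRET_ACCESS_KEY=${some_key}
```

The error is:

```
zsh: bad substitution
```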
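An added example, not part of the original post: a check that could run as a `RUN` step before `test.py` to show which of the Dockerfile's `ARG` values actually reach the build, without printing credentials. The function names are hypothetical, and the script relies on `ARG` values being visible to `RUN` steps as environment variables.

```python
import os

# Variables the Dockerfile above declares with ARG (names taken from the page).
EXPECTED = ("MYSQL_SECRET", "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
            "AWS_DEFAULT_REGION", "AWS_SECURITY_TOKEN")
# ARG defaults from that Dockerfile, assumed here to be stand-ins: seeing one
# means no --build-arg value replaced it.
DEFAULTS = {"mysql_secret", "some_key", "some_token"}
# Values that are safe to show in build logs.
NOT_SENSITIVE = {"AWS_DEFAULT_REGION"}


def mask(name, value):
    """Return a log-safe rendering: only the length of sensitive values."""
    return value if name in NOT_SENSITIVE else f"<{len(value)} chars>"


def check_build_env(env):
    """Classify each expected variable as missing, empty, default or set."""
    report = {}
    for name in EXPECTED:
        value = env.get(name)
        if value is None:
            report[name] = ("missing", "")
        elif value == "":
            # Typical when --build-arg NAME=${var} expands an unset shell variable.
            report[name] = ("empty", "")
        elif value in DEFAULTS:
            report[name] = ("default", value)
        else:
            report[name] = ("set", mask(name, value))
    return report


def problems(report):
    """Names of variables that did not receive a real value."""
    return [name for name, (status, _) in report.items() if status != "set"]


def main():
    report = check_build_env(os.environ)
    for name, (status, shown) in report.items():
        print(f"{name:24} {status:8} {shown}")
    return 1 if problems(report) else 0


if __name__ == "__main__":
    raise SystemExit(main())
```

Values passed with `--build-arg` are recorded in the image's build history (`docker history`), which is why the script prints lengths rather than the values themselves.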