Secrets Manager support for Build Agent Token

We use Secrets Manager for all of our secrets, so having to store the Build Kite Agent Token in SSM is a bit of a snowfalke for us.

Hi @OwenCR!

Welcome to the community! :hugs:

Unfortunately, no. Currently, SSM is the only option for storing the agent token in the elastic stack. So It’s not possible to access SSM through Secret Managers.

It’s unclear for us what the benefit to the support of Secret Manager is, given that we already support parameter store. With SSM you have the same functionality.
But we would love to know more about your request! What would enable for you, what workflow is preferable in Secret Manager vs. Parameter Store?

Thanks!

Thanks Paula. Sorry if I didn’t post this in the right place. I was trying to post a feature request.

For my organization, the value in supporting secrets manager is that our Build Agent Token is treated like all of our other secrets. It fits into our IAM and KMS schemas the same way every other secret we maintain is. Having some secrets in parameter store increases the mental complexity of our system and IAM policies. The benefit is uniformity.

This ask certainly isn’t critical or blocking in nature. It would just be nice to have.

Hi @OwenCR!

No problem!
It seems that SSM ParameterStore secretly supports Secrets Manager: Referencing AWS Secrets Manager secrets from Parameter Store parameters - AWS Systems Manager
We will have to test it with the elastic ci stack to be sure, but in the meantime, I’ll pass it along to our Product Manager to analyze as a feature request.

Thanks!