Teller 2.0 aws_secretsmanager example/configuration help
Hi, I've just installed Teller (2.0 from homebrew), but I cannot get it to work with secrets that I have in AWS secretsmanager, and I cannot find an example configuration to try either.
My teller.yaml:
providers:
  aws_secretsmanager_1:
    kind: aws_secretsmanager
    maps:
      - id: dev-gitlab
        path: my/aws/secrets/path
        keys:
          MY_SECRET: my-secret
But teller show just returns Error: NOT FOUND /my/aws/secrets/path: not found
And I've also tried variations on that, e.g.
providers:
  aws_secretsmanager_1:
    kind: aws_secretsmanager
    maps:
      - id: dev-gitlab
        path: my/aws/secrets/path/my-secret
        keys:
          MY_SECRET: ==
gives Error: expected value at line 1 column 1
But aws secretsmanager get-secret-value --secret-id my/aws/secrets/path/my-secret works (and the secret value is just a single string). I'm obviously doing something wrong, but I'm not sure what!
You have the paths backwards, I think.
It's
keys:
  aws_secret_name: LOCAL_ENV_SECRET_NAME
That's the main thing that jumps out at me from what I see.
Oh, thanks for the hint. And after looking through the code I now realise that the secret manager secrets have to actually be JSON values, whereas I was using a separate secret for each value (stored as a plain text value)!
Would it be possible to allow single plain text values as secrets (instead of a JSON dict), or is it just generally recommended to use a dict anyway? (Though Teller does seem to work nicely anyway, so not essential)
I can't speak for the maintainers' position, but the K:V style keeps things pretty consistent between providers and interoperable with lots of secret-pulling tools, such as the ones in the k8s ecosystem.
Is there a specific use case you're looking for here, or a tooling workflow that can add more context to the request?
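The lookup as this thread describes it, modelled in Python as an added example (not Teller's code and not written by anyone in the thread). The in-memory store, the secret id my/aws/secrets/json-bundle, the sample values and the function names are constructed; treating == as "keep the remote key name" and skipping keys missing from the secret are assumptions of the model.

```python
import json


class NotFound(Exception):
    """No secret is stored under the requested path."""


# Constructed stand-in for AWS Secrets Manager: secret id -> SecretString.
STORE = {
    # One plain-text string per secret, as in the original question.
    "my/aws/secrets/path/my-secret": "plain-text-value",
    # One JSON object holding key/value pairs (hypothetical secret id).
    "my/aws/secrets/json-bundle": json.dumps({"my-secret": "constructed-value"}),
}


def resolve(store, path, keys):
    """Return {local_env_name: value} for one entry under `maps`.

    `keys` maps remote key -> local env name, as in the reply above.
    """
    if path not in store:
        raise NotFound(f"/{path}: not found")
    data = json.loads(store[path])  # a plain-text secret fails here
    if not isinstance(data, dict):
        raise ValueError("secret is valid JSON but not a key/value object")
    env = {}
    for remote, local in keys.items():
        if remote in data:  # model choice: skip keys absent from the secret
            env[remote if local == "==" else local] = data[remote]
    return env


def try_resolve(path, keys, store=STORE):
    """Run resolve() and turn failures into short strings for comparison."""
    try:
        return resolve(store, path, keys)
    except NotFound as exc:
        return f"NOT FOUND {exc}"
    except json.JSONDecodeError as exc:
        return f"parse error: {exc.msg}"
    except ValueError as exc:
        return f"shape error: {exc}"
```

With the JSON-object secret, `{"MY_SECRET": "my-secret"}` resolves nothing in this model because the remote key is on the wrong side, while `{"my-secret": "MY_SECRET"}` yields the environment variable.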