Use env variable in artifact block

frakev · February 9, 2023, 4:28pm

Hello,

I pushed a Docker image on s3 and I would like to download this one with the artifact block to run my container.

I try to use env variable (AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY) stored in Vault to authenticate on s3 but it seems that it’s not working.

failed to download artifact "s3::https://xxxxxxxxxxxxx": NoCredentialProviders: no valid providers in chain caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment SharedCredsLoad: failed to load shared credentials file caused by: FailedRead: unable to open file caused by: open /root/.aws/credentials: no such file or directory EmptyEC2RoleList: empty EC2 Role list

I think it’s not very safe to put the credentials directly in the job.

Do you have a solution ?

Thank you for your help

Kevin

vvarga · August 31, 2023, 6:50pm

Have you ever found a solution for this?

frakev · September 1, 2023, 8:40am

Hello @vvarga ,

No sorry

vvarga · September 1, 2023, 3:22pm

If you check the systemd service file for nomad you can see it will pull environment variables from “/etc/nomad.d/nomad.env”

[root@xxxxx ~]# grep Environment /usr/lib/systemd/system/nomad.service
EnvironmentFile=-/etc/nomad.d/nomad.env

If you set the AWS access id, and secret key there, it works with AWS S3,
but doesn’t work with an on-prem s3 compatible object storage.