I pushed a Docker image to S3 and I would like to download it with the artifact block to run my container.
I am trying to use env variables (AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY) stored in Vault to authenticate to S3, but it seems that it’s not working.
failed to download artifact "s3::https://xxxxxxxxxxxxx": NoCredentialProviders: no valid providers in chain caused by: EnvAccessKeyNotFound: AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY not found in environment SharedCredsLoad: failed to load shared credentials file caused by: FailedRead: unable to open file caused by: open /root/.aws/credentials: no such file or directory EmptyEC2RoleList: empty EC2 Role list
I think it’s not very safe to put the credentials directly in the job.
This isn’t a direct answer to your question, but from the error message it looks like the larger context is that you’re doing this on an EC2 instance. The answer is “don’t”. Best practice is to use an EC2 service role you create in IAM and apply that to the EC2 instance. No secret keys needed, so no secret keys leaked.
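The instance-role approach from the answer above, sketched as a Nomad job. This is an added example, not part of the original thread. It assumes the Nomad client runs on an EC2 instance with an IAM role attached; the bucket, region, object key, job and image names are placeholders.

```hcl
# Added example. EXAMPLE-BUCKET, the region, app.tar and app:1.0 are placeholders.
#
# Assumed IAM policy on the role attached to the EC2 instance that runs the
# Nomad client (read-only, limited to one prefix):
#   {
#     "Version": "2012-10-17",
#     "Statement": [{
#       "Effect": "Allow",
#       "Action": "s3:GetObject",
#       "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/images/*"
#     }]
#   }

job "app" {
  datacenters = ["dc1"]

  group "app" {
    task "app" {
      driver = "docker"

      # Avoid: static keys in the job file are visible to anyone who can read the job.
      # artifact {
      #   source = "s3::https://..."
      #   options {
      #     aws_access_key_id     = "<id>"
      #     aws_access_key_secret = "<secret>"
      #   }
      # }

      # No credential options: the AWS provider chain falls through to the
      # instance role (the "EC2 Role" step named in the error message).
      artifact {
        source = "s3::https://s3-eu-west-1.amazonaws.com/EXAMPLE-BUCKET/images/app.tar"
        options {
          archive = false # keep the tar intact so the docker driver can load it
        }
      }

      config {
        load  = "app.tar"
        image = "app:1.0"
      }
    }
  }
}
```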