3

Currently deploying PostgREST in AWS. When I use Fargate and just hardcoded type in the environment variables for the connection string, the machine works like a charm. However I recently replaced these values with secrets. In the secret I copy-pasted the entire string in the value and in the environment variable I set the source from "Value" to "ValueFrom".

So the value now is:

postgres://<myuser>:<mypass>@<amazon-rds-instance>:5432/<db>

When I use this connectionstring directly in the environment variable I can easily connect, so I know the information is correct.

The logs come back with the following error:

{"details":"missing \"=\" after \"{\"postgrest_db_connection\":\"postgres://myuser:mypass@amazon-rds-instance:5432/db\"}\" in connection info string\n","code":"","message":"Database connection error"}

I also checked I have no characters in the string that need to be escaped. What can I be missing here?

enter image description here

enter image description here

JustLudo
  • 1,690
  • 12
  • 29
  • No one? I did make sure to use the ARN notation in my valuefrom, as this will also sometimes cause trouble. The fact that the secret is picked up leads me to believe the retrieval is done well, but the parsing is not. – JustLudo Feb 20 '20 at 11:04
  • No one still? Got this feeling this is going to award me another one of those tumbleweed awards..... Note: The same thing happens with the password field for PostgREST. When I copy-paste the value and use "value", it works. When I switch to ValueFrom and copy-paste the ARN it doesn't work. Driving me crazy. – JustLudo Feb 24 '20 at 15:19
  • Edit in your question container definition showing the secrets configuration and also show the output from describe-secret command in the CLI. *Redact sensitive ids in the ARN and other information when you share.* – Oluwafemi Sule Feb 29 '20 at 07:46
  • @OluwafemiSule: Just did that. I copy-pasted the ARN so I'm quite sure that's not going to be the issue. – JustLudo Mar 02 '20 at 08:05
  • 1
    From the AWS documentation I found: "It is only supported to inject the full contents of a secret as an environment variable. Specifying a specific JSON key or version is not supported at this time. " This might be the cause. Will look further into this. – JustLudo Mar 02 '20 at 09:11

1 Answers1

2

So I figured it out. Unfortunately this line was it:

It is only supported to inject the full contents of a secret as an environment variable. Specifying a specific JSON key or version is not supported at this time.

This means that whenever you use the secrets as ValueFrom setting in the environment variables (when working with Fargate), the entire secret's value gets copy-pasted.

I tested this using a secret for the PostgREST schema variable. I got back the value:

{'PGRST_SCHEMA_URL': 'public'}

Whilst I was expecting it to be just:

public

This is why the configuration went bad as well. Thanks everyone for searching.

JustLudo
  • 1,690
  • 12
  • 29