Unable to locate credentials - Gitlab Pipeline for S3
(I encountered this issue many times - Adding another answer for people that have the same error - from other reasons).
A quick checklist.
Go to Setting -> CI/CD -> Variables and check:
- If both
AWS_ACCESS_KEY_ID
&AWS_SECRET_ACCESS_KEY
environment variables exist. - If both names are spelled right.
- If their state is defined as
protected
- they can only be ran againstprotected
branches (likemaster
).
If error still occurs:
- Make sure the access keys still exist and active on your account.
- Delete current environment variables and replace them with new generated access keys and make sure
AWS_SECRET_ACCESS_KEY
doesn't contain any special characters (can lead to strange errors).
The actual problem was a collision to do with naming the variables. For both branches the variables were called AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
. However the problem wasn't just to rename them as the pipeline still didn't pick them up.
I printed the password to the logs to determine which password was being picked up by which branch but found that neither was being taken up. The solution was to have a unique name for each password for each branch (e.g. PRODUCTION_ACCESS_KEY_ID
and TESTING_ACCESS_KEY_ID
) and in the build script refer to them:
deploy_app_production:
environment:
name: production
url: <url>
before_script:
- echo "Installing ruby & dpl"
- apt-get update && apt-get install -y ruby-full
- gem install dpl
stage: deploy
tags:
- nv1
script:
- echo "Deploying to production"
- sh deploy.sh production $PRODUCTION_ACCESS_KEY_ID $PRODUCTION_SECRET_ACCESS_KEY
only:
- master
And in the deploy.sh
I referred to the passed in variables (though I did end up switching to dpl):
dpl --provider=s3 --access-key-id=$2 --secret-access-key=$3 --bucket=<my-bucket-name>-$1 --region=eu-west-1 --acl=public_read --local-dir=./dist --skip_cleanup=true