CloudTruth Documentation
Sign InAPIIntegrationsGitHubVisit our website
  • Overview
  • Getting Started
  • Architecture
    • 🔒Security Overview
  • Copilot
  • 🏢Org management
    • Account Setup
    • Access Control
      • 🔑API Tokens
      • 🌐Protecting Projects and Environments
      • 👥Users
    • Audit Log
  • 🛠️Config Management
    • Projects
    • Parameters
      • Sharing Config Data
      • Parameter Management
        • Internal Values
          • Dynamic Values
        • External Values
          • Terraform Remote State Files
        • Parameter Override
        • Environment Value Override
      • Parameter and Parameter Value Inheritance
      • Value Comparison
      • Value History
      • Value Validation
      • Value Expiration
    • Environments and Tags
    • Templates
      • 📒Sample Templates
    • Actions
      • Import Actions
      • Push Actions
    • CLI & API
      • CloudTruth CLI
      • Rest API
    • Integrations
      • Argo CD
      • Atlassian Compass
      • AWS
        • AWS Connection
        • AWS Role
          • CloudFormation
          • Terrraform
          • AWS Console
        • Parameter Store (SSM)
        • S3
        • Secrets Manager
      • Azure Key Vault
      • Bitbucket Pipelines
      • Docker
      • Docker Compose
      • GitHub
      • GitHub Actions
      • GitLab
      • Harness
      • Jenkins
      • Kubernetes
      • Pulumi
      • Terraform
      • Terragrunt
      • Explorer
      • Circle CI
    • Events, Notifications, Webhooks
    • Types
  • 🔎REPORTING
    • Compare
    • History
    • Expirations
  • 🚀PRODUCT
    • What is CloudTruth?
    • Interactive Demo
    • Kubernetes
    • Terraform
    • CI/CD Pipeline Configuration
    • Cloud CMDB
    • Secrets Management
    • GitOps
    • Our Manifesto
    • Open Source
    • FAQs
    • Our Mission
  • 📚Reference
    • 🎓Quick Start Videos
      • What is CloudTruth?
      • CloudTruth in Action
      • Environments and Projects
      • Secrets, Parameters, ENV variables
      • Audit Logs, RBAC, SSO
      • Containers - Kubernetes, Docker
      • Infrastructure as Code (IaC) - Terraform, Cloudformation, CDK, Azure Bicep, Pulumi
      • CICD Pipelines - GitHub Actions, ArgoCD, Jenkins, CircleCI, Harness, GitLab Pipelines
      • AWS Videos - Secret Manager, Parameter Store, S3, IAM
      • Azure Videos - Azure DevOps, Azure Bicep, PowerShell
    • Knowledge Base
      • Best Practices
        • Versioned Releases
      • CLI
        • History comparison of deleted parameters with null values
      • Integrations
        • Advanced AWS IAM policy permissions
        • K8s pull image from private Docker registry
        • S3 Region Selection
      • Templates
        • Templates render quotations in key values as quot
    • Roadmap and New Features
    • JMESPath Reference
    • REST API
Powered by GitBook

Copyright© 2023 CloudTruth

On this page
  • Overview
  • Creating an Import Action
  • Managing Import Actions

Was this helpful?

  1. Config Management
  2. Actions

Import Actions

PreviousActionsNextPush Actions

Last updated 11 months ago

Was this helpful?

Overview

CloudTruth Import actions allow you to directly import parameters and secrets from an Integration source.

Import Action Supported Integrations
Types

AWS Parameter store (SSM)

String; SecureString

Configuring an import action allows you to match specific patterns in your AWS parameters store keys for import. An must be created as a source to import parameters and secrets from.

Creating an Import Action

From the Actions Import page, click Import.

  1. Provide the action a name.

  2. Select a region where the parameters and secrets exist for import.

  3. Click Next.

Once you have selected the region and service, you can define the pattern matching strategy that will be used to identify the Environment, Project, and Parameter name for each item that is imported. You can define the pattern matching using one of two styles:

  1. Mustache pattern matching allows you to define a simple expression using a familiar templating language. Note that internally this will use "greedy matching", so if your parameter name contains slashes then you will probably want to use regular expressions instead. For example: /{{ environment }}/{{ project }}/{{ parameter }} \

To assist you in creating the pattern matching expression, you can click on the Test button. This will run your pattern matching against the service in the selected region and show you which content matches and which content was skipped. You can check that the correct items match, and that the extracted environment, project, and parameter name is what you expect it to be:

Once you have defined your resource pattern click Preview.

You now have the options to perform a Dry Run or directly Create Import.

It is recommended to perform a Dry Run first, especially if you did not test your pattern. It's always good to know before hand what you will be importing!

Dry Run

Create Import

Running a create import will create the resources directly at action create time.

The created import action is now displayed on the Actions Import page for the selected project(s).

Action information is also associated with the selected integration on the Import tab. The integration actions table displays all actions associated with the integration across all projects.

Import action details

Click on an action from the import Actions page to get detailed information and tasks. Tasks are expandable and display the evaluated resource name that is used for the imported. If an action fails you will find detailed logging in the Tasks table. By default status only display tasks that contain changes to the parameters and secrets. You can use the Only Changes toggle to display tasks had a no-op.

Managing Import Actions

You can edit, initiate a sync (Dry Run), sync (Run) , or delete an action from any of the Import actions tables or on the detailed action page with the menu button.

Editing an Import action

You can edit the name of an action, description, and Resource pattern that defines an import.

Syncing an Import action

You can perform a manual sync from the import action menu. The manual sync operation allows you to perform a dry run of the Import or initiate a manual live sync.

Deleting an Import action

Deleting an Import action will retain all imported information even if the action is deleted.

For more complex matching, you can define a Python-compatible regular expression with named capture groups. You may want to leverage a tool like which allows you to build, understand, and test Python regular expressions. For example: ^/(?P<environment>[^/]+)/(?P<project>[^/]+)/(?P<parameter>.+)$

A dry run task will show you resources that will be created as part of the import.

🛠️
Regex101
AWS integration for SSM
Selecting a Region and Service
Defining a Pattern Matching Expression