CloudTruth Documentation

Copyright© 2023 CloudTruth

Push Actions


Last updated 11 months ago


Overview

CloudTruth push actions allow you to write secrets to an external integration from specified projects. This allows you to keep existing workflows and obtain the centralized data management CloudTruth provides.

Push Action Supported Integrations and Types

  • AWS Parameter Store (SSM): String; SecureString

  • AWS Secrets Store: Secret

Configuring a push action requires three prerequisites that work together to form the base of what you will be sending to the external source.

  1. A CloudTruth AWS Integration created with Write Access in your organization.

  2. Parameters or secrets created within a project.

  3. Tags created in an environment, which act as a trigger for push.

The Actions page will walk you through creating an integration or tag if they do not exist.

The list will dynamically change depending on what is set up in your organization and the project selected. This project has at least one parameter or secret and a tag exists within an environment. Therefore, the Actions page only displays a shortcut to create an AWS integration.

Creating a Push Action

From the Actions Push page, click Create Push.

  1. Give the action a name and a tag from your selected environments.

  2. Select the project(s) that contain parameters and secrets to be pushed.

  3. Select a configured integration, the region to push to and the destination service.

  4. Check the options desired:

    • DRY RUN: When the push action executes, it only reports the upstream changes it would perform without actually performing them.

    • FORCE: By default, PUSH will not overwrite any upstream item that it didn't create. Turning FORCE on allows CloudTruth to take ownership and overwrite any pre-existing items.

    • LOCAL: By default, PUSH will include all parameters inherited from parent projects. Turning LOCAL on will cause it to only send the parameters defined directly in the given projects.

    • The destination type automatically determines which of parameters and secrets are pushed to it. Override the default with:

      • PARAMETERS: Include parameters (non-secrets) when pushing

      • SECRETS: Include secrets when pushing

      • COERCE: Include secrets/parameters even if the upstream destination doesn't allow them (e.g. non-secrets in AWS SecretsManager)

  5. Click Next.

You can now build the name and structure of the parameters that are being pushed.

When creating a resource name, the string and selected template components must conform to the service's naming conventions.

The {{parameter}} name is a required component of the Resource Name.
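A pre-flight check for a Resource Name template, as an added example (not CloudTruth code): it confirms `{{parameter}}` is present and tests the evaluated name against the AWS naming rules for SSM Parameter Store and Secrets Manager. The `{{environment}}` and `{{project}}` component names, the sample values and the function name are assumptions.

```python
import re

# Constructed sample values. {{environment}} and {{project}} are assumed
# component names; only {{parameter}} is named on this page.
SAMPLE = {"environment": "production", "project": "billing",
          "parameter": "db_password"}
COMPONENT = re.compile(r"\{\{\s*(\w+)\s*\}\}")
# Characters each AWS service accepts in a name.
ALLOWED = {
    "ssm": re.compile(r"[A-Za-z0-9_.\-/]+"),
    "secretsmanager": re.compile(r"[A-Za-z0-9/_+=.@\-]+"),
}


def check_resource_name(template, service, values=SAMPLE):
    """Return the problems found in a Resource Name template ([] means OK)."""
    problems = []
    used = COMPONENT.findall(template)
    if "parameter" not in used:
        problems.append("missing required {{parameter}} component")
    unknown = sorted(set(used) - set(values))
    if unknown:
        return problems + ["unknown component(s): " + ", ".join(unknown)]
    # Render with the sample values, then test the evaluated name.
    name = COMPONENT.sub(lambda m: values[m.group(1)], template)
    if not ALLOWED[service].fullmatch(name):
        problems.append(f"{name!r}: characters not allowed by {service}")
    if service == "secretsmanager" and len(name) > 512:
        problems.append("Secrets Manager names are limited to 512 characters")
    if service == "ssm":
        levels = [s for s in name.split("/") if s]
        if levels and levels[0].lower().startswith(("aws", "ssm")):
            problems.append("SSM names cannot be prefixed with 'aws' or 'ssm'")
        if len(levels) > 15:
            problems.append("SSM hierarchies are limited to 15 levels")
        if "/" in name and not name.startswith("/"):
            problems.append("hierarchical SSM names must begin with '/'")
    return problems


if __name__ == "__main__":
    for tpl, svc in [("/{{environment}}/{{project}}/{{parameter}}", "ssm"),
                     ("/{{environment}}/{{project}}", "ssm"),
                     ("aws/{{parameter}}", "ssm"),
                     ("{{project}}:{{parameter}}", "secretsmanager")]:
        print(svc, tpl, check_resource_name(tpl, svc) or "OK")
```

Running the same check with DRY RUN enabled on the action gives a second confirmation, since the task list shows the evaluated resource names without writing anything upstream.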

Preview the action and click Create Action.

The created action is now displayed on the Actions page for the selected project(s).

Action information is also associated with the selected integration. The integration actions table displays all actions associated with the integration across all projects.

Push action details

Click on an action from the Push Actions page to get detailed information and tasks. Tasks are expandable and display the evaluated resource name that is used for the created secret in the selected integration service. If an action fails you will find detailed logging in the Tasks table.

The Push action only writes CloudTruth Secrets to AWS Secrets Manager.

Action Triggers

Updating a tag to the latest time, or even a previous time, will initiate a new sync on any actions that are triggered by the updated tag. This effectively provides your external sources a sync point with a project's parameters associated with a specified tag.

Actions can contain multiple tags but are limited to a single tag per environment.

Managing Actions

You can edit, initiate a sync, or delete an action from any of the actions tables or on the detailed action page with the menu button.

Editing an action

You can edit the name of an action, description, project(s), Resource Name and change the Tag that triggers the push.

Removing, adding or updating a tag associated with an action will trigger an update to external sources. The secrets and values will be updated or removed based on the removed, added or updated tags.

Syncing an action

You can perform a manual sync from the action menu. This is useful if the action fails for connectivity or setup issues to the external source.

Deleting an action

Deleting an action will remove all parameters and secrets stored in the external integration source.

Unsupported parameter types

Environment Tags serve as triggers for a push action. The initial sync uses secrets and values that are associated with the selected tag when an action is created.

External and Dynamic parameter values will fail to be pushed to selected services.
