use aws secrets manager for a secure retrieval

.github/workflows/test_coverage_with_tokens.yml

@@ -42,11 +42,6 @@ jobs:
  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
  AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
-
- run: |
- OUTPUT=$(aws cognito-idp "${{ secrets.COGNITO_INIT }}" --user-pool-id "${{ secrets.COGNITO_USER_POOL_ID }}" --client-id "${{ secrets.COGNITO_CLIENT_ID }}" --auth-flow "${{ secrets.COGNITO_AUTH_FLOW }}" --auth-parameters USERNAME="${{ secrets.COGNITO_USERNAME }}",PASSWORD=${{ secrets.COGNITO_PASSWORD }})
- echo ACCESS_TOKEN=$(echo "$OUTPUT" | jq -r '.AuthenticationResult.AccessToken' | sed 's/^"\(.*\)"$/\1/') >> $GITHUB_OUTPUT
- echo ID_TOKEN=$(echo "$OUTPUT" | jq -r '.AuthenticationResult.IdToken' | sed 's/^"\(.*\)"$/\1/') >> $GITHUB_OUTPUT
 
  - name: Setup Python
  uses: actions/setup-python@v4
@@ -59,13 +54,16 @@ jobs:
 
  - name: Install requirements_dev.txt
  run: pip install -r requirements_dev.txt
+
+ - name: Retrieve Cognito Tokens from AWS Secrets Manager
+ run: |
+ echo "CRIPT_TOKEN=$(aws secretsmanager get-secret-value --secret-id Pipelines_CognitoAccessToken --query SecretString --output text)" >> $GITHUB_ENV
+ echo "CRIPT_STORAGE_TOKEN=$(aws secretsmanager get-secret-value --secret-id Pipelines_CognitoIdToken --query SecretString --output text)" >> $GITHUB_ENV
 
  - name: Test Coverage
  run: pytest tests/api/test_api.py
  env:
- ACCESS_TOKEN: ${{ steps.cognito-token.outputs.ACCESS_TOKEN }}
- ID_TOKEN: ${{ steps.cognito-token.outputs.ID_TOKEN }}
  CRIPT_HOST: https://lb-stage.mycriptapp.org/
- CRIPT_TOKEN: $ACCESS_TOKEN
- CRIPT_STORAGE_TOKEN: $ID_TOKEN
+ CRIPT_TOKEN: ${{ env.CRIPT_TOKEN }}
+ CRIPT_STORAGE_TOKEN: ${{ env.CRIPT_STORAGE_TOKEN }}
  CRIPT_TESTS: True