Support AWS Systems Manager Parameter Store #72

chriskilding opened this issue Jan 5, 2021 · 0 comments
Labels
enhancement New feature or request

Allow Jenkins to look up credentials in AWS Parameter Store. (They will be stored as Secure String parameters https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-securestring.html).

Moved from JENKINS-60132

Rationale

  • Storing credentials in Parameter Store can be cheaper than storing them in Secrets Manager.
  • TODO anything else?

Questions

  • Does this belong in its own project/plugin or is there opportunity for code reuse as part of aws-secrets-manager-credentials-provider-plugin?

Constraints

  • Jenkins should be able to source credentials from both Secrets Manager and Parameter Store. (Using one should not rule out using the other.)
  • If Jenkins encounters an error looking up secrets in one of the services, this should not impede lookups in the other. (An exception from a Secrets Manager API call should not break secret resolution in Parameter Store if PS is still functioning.)
  • Tag naming conventions should be shared in both PS and SM. (E.g. a username tag should be called jenkins:credentials:username in PS, just like it is in SM today.)

Comparison of services

| Feature | Secrets Manager | Standard Parameter | Advanced Parameter |
|---|---|---|---|
| Max Size | 10.24kb | 4kb | 8kb |
| Monthly cost per secret | $0.40 | Free | $0.05 |
| IAM per-secret policy | Yes | No | Yes |
| Max API calls per sec (retrieval) | 1,500 ($) | 40 (free), 1,000 ($) | 40 ($), 1,000 ($) |
| Max num secrets | 40,000 | 10,000 | 100,000 |
| String secrets | Yes | Yes | Yes |
| Binary secrets | Yes | No | No |
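
A sketch of the error-isolation and shared-tag constraints listed above, added here as an illustration; it is not code from the plugin or from the issue author. `Entry`, `Source` and `resolve` are hypothetical names, the two backends are constructed in-memory stand-ins rather than AWS SDK calls, and the first-source-wins rule on a name clash is an assumption the issue does not specify. Requires Java 16 or later (records).

```java
import java.util.*;
import java.util.function.Supplier;

// Added illustration; none of these type or method names come from the plugin.
public class CompositeLookup {
    // Tag key quoted in the issue; the same key is read for both backends.
    static final String USERNAME_TAG = "jenkins:credentials:username";

    // A secret as either backend would report it: name plus tags (constructed model).
    record Entry(String name, Map<String, String> tags) {}

    // Hypothetical abstraction over one backend (Secrets Manager or Parameter Store).
    record Source(String label, Supplier<List<Entry>> lister) {}

    // Query every source; a failure in one is recorded and skipped, never propagated,
    // so the remaining sources still contribute their credentials.
    static Map<String, Entry> resolve(List<Source> sources, List<String> errors) {
        Map<String, Entry> found = new LinkedHashMap<>();
        for (Source s : sources) {
            try {
                for (Entry e : s.lister().get()) {
                    // Assumption: first source wins when two backends share a name.
                    found.putIfAbsent(e.name(), e);
                }
            } catch (RuntimeException ex) {
                errors.add(s.label() + ": " + ex.getMessage());
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed stand-ins: Secrets Manager is failing, Parameter Store is healthy.
        Source sm = new Source("SecretsManager", () -> {
            throw new IllegalStateException("simulated API failure");
        });
        Source ps = new Source("ParameterStore", () -> List.of(
            new Entry("deploy-user", Map.of(USERNAME_TAG, "ci-bot"))));

        List<String> errors = new ArrayList<>();
        Map<String, Entry> creds = resolve(List.of(sm, ps), errors);

        // The Parameter Store entry resolves even though the other backend threw.
        System.out.println("resolved: " + creds.keySet());
        System.out.println("username: " + creds.get("deploy-user").tags().get(USERNAME_TAG));
        System.out.println("errors:   " + errors);
    }
}
```

Collecting the per-source errors instead of swallowing them keeps a failing backend visible to operators while credentials from the healthy one stay available.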