You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
GitHub Action
AWS Secrets Manager Reader
v2.1.0
Use this action to read a secret value from AWS Secret Manager.
This action assume that:
- The credentials are in place (see aws-actions/configure-aws-credentials)
- The AWS client has the permission required to get the secret
Assuming we have define in AWS Secret Manager a secret foo/bar
with the following content:
{
"MY_SECRET": "123456"
}
- uses: aws-actions/configure-aws-credentials@v1
with:
aws-region: us-east-1
- name: Retrieve Secrets
id: secrets
uses: t-botz/aws-secrets-manager-read-action@v2
with:
secret-id: foo/bar
mask-json-values: true
keys-as-env-vars: true
keys-as-outputs: true
append-to-env-file: ./my.env
- name: Use Secret
run: |
# Will actually display '***' as secret will be masked in output
echo "${{ fromJSON(steps.secrets.outputs.secret).MY_SECRET }}"
# Same result thanks to `keys-as-outputs: true`
echo "${{ steps.secrets.outputs.MY_SECRET }}"
# Same result thanks to `keys-as-env-vars: true`
echo "$MY_SECRET"
# Show secret from env file
cat ./my.env
Name | Type | Description |
---|---|---|
secret-id |
String | Refer to AWS Documention |
version-id |
String | Refer to AWS Documention |
version-stage |
String | Refer to AWS Documention |
mask-value |
Boolean | (Default true ) Mask the whole secret value return by AWS. |
mask-json-values |
Boolean | (Default false ) Assume the secret is a JSON object and mask all JSON object values, even the nested ones |
keys-as-env-vars |
Boolean | (Default false ) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with ${{ env.MY_SECRET }} . |
keys-as-outputs |
Boolean | (Default false ) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with ${{ steps.<id_of_steps>.outputs.MY_SECRET }} . |
append-to-env-file |
Boolean | (Default '' ) 'Assume the secret is a JSON object and append the key values in an env file. The value is the path to the file. |
Name | Type | Description |
---|---|---|
secret |
String | SecretString as returned by AWS API |
<key> |
String | If keys-as-outputs , each json key of the secret will become an output |