Skip to content
You're viewing an older version of this GitHub Action. Do you want to see the latest version instead?
lock

GitHub Action

AWS Secrets Manager Reader

v2.1.3

AWS Secrets Manager Reader

lock

AWS Secrets Manager Reader

Github Action to read a secret value from AWS Secret Manager'

Installation

Copy and paste the following snippet into your .yml file.

              

- name: AWS Secrets Manager Reader

uses: t-botz/[email protected]

Learn more about this action in t-botz/aws-secrets-manager-read-action

Choose a version

typescript-action status

AWS Secrets Manager Reader

Use this action to read a secret value from AWS Secret Manager.

This action assume that:

Usage

Assuming we have define in AWS Secret Manager a secret foo/bar with the following content:

{
  "MY_SECRET": "123456"
}
- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-region: us-east-1
- name: Retrieve Secrets
  id: secrets
  uses: t-botz/aws-secrets-manager-read-action@v2
  with:
    secret-id: foo/bar
    mask-json-values: true
    keys-as-env-vars: true
    keys-as-outputs: true
    append-to-env-file: ./my.env
- name: Use Secret
  run: |
    # Will actually display '***' as secret will be masked in output
    echo "${{ fromJSON(steps.secrets.outputs.secret).MY_SECRET }}"

    # Same result thanks to `keys-as-outputs: true`
    echo "${{ steps.secrets.outputs.MY_SECRET }}"

    # Same result thanks to `keys-as-env-vars: true`
    echo "$MY_SECRET"
    
    # Show secret from env file
    cat ./my.env

Inputs

Name Type Description
secret-id String Refer to AWS Documention
version-id String Refer to AWS Documention
version-stage String Refer to AWS Documention
mask-value Boolean (Default true) Mask the whole secret value return by AWS.
mask-json-values Boolean (Default false) Assume the secret is a JSON object and mask all JSON object values, even the nested ones
keys-as-env-vars Boolean (Default false) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with ${{ env.MY_SECRET }}.
keys-as-outputs Boolean (Default false) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with ${{ steps.<id_of_steps>.outputs.MY_SECRET }}.
append-to-env-file Boolean (Default '') 'Assume the secret is a JSON object and append the key values in an env file. The value is the path to the file.

Outputs

Name Type Description
secret String SecretString as returned by AWS API
<key> String If keys-as-outputs, each json key of the secret will become an output