AWS Secrets Manager Reader

Use this action to read a secret value from AWS Secret Manager.

This action assume that:

The credentials are in place (see aws-actions/configure-aws-credentials)
The AWS client has the permission required to get the secret

Usage

Assuming we have define in AWS Secret Manager a secret foo/bar with the following content:

{
  "MY_SECRET": "123456"
}

- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-region: us-east-1
- name: Retrieve Secrets
  id: secrets
  uses: t-botz/aws-secrets-manager-read-action@v2
  with:
    secret-id: foo/bar
    mask-json-values: true
    keys-as-env-vars: true
    keys-as-outputs: true
    append-to-env-file: ./my.env
- name: Use Secret
  run: |
    # Will actually display '***' as secret will be masked in output
    echo "${{ fromJSON(steps.secrets.outputs.secret).MY_SECRET }}"

    # Same result thanks to `keys-as-outputs: true`
    echo "${{ steps.secrets.outputs.MY_SECRET }}"

    # Same result thanks to `keys-as-env-vars: true`
    echo "$MY_SECRET"
    
    # Show secret from env file
    cat ./my.env

Inputs

Name	Type	Description
`secret-id`	String	Refer to AWS Documention
`version-id`	String	Refer to AWS Documention
`version-stage`	String	Refer to AWS Documention
`mask-value`	Boolean	(Default `true`) Mask the whole secret value return by AWS.
`mask-json-values`	Boolean	(Default `false`) Assume the secret is a JSON object and mask all JSON object values, even the nested ones
`keys-as-env-vars`	Boolean	(Default `false`) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with `${{ env.MY_SECRET }}`.
`keys-as-outputs`	Boolean	(Default `false`) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with `${{ steps.<id_of_steps>.outputs.MY_SECRET }}`.
`append-to-env-file`	Boolean	(Default `''`) 'Assume the secret is a JSON object and append the key values in an env file. The value is the path to the file.

Outputs

Name	Type	Description
`secret`	String	SecretString as returned by AWS API
`<key>`	String	If `keys-as-outputs`, each json key of the secret will become an output

Name		Name	Last commit message	Last commit date
Latest commit History 48 Commits
.github		.github
dist		dist
src		src
.eslintignore		.eslintignore
.eslintrc.json		.eslintrc.json
.gitattributes		.gitattributes
.gitignore		.gitignore
.prettierignore		.prettierignore
.prettierrc.json		.prettierrc.json
CODEOWNERS		CODEOWNERS
LICENSE		LICENSE
README.md		README.md
action.yml		action.yml
package-lock.json		package-lock.json
package.json		package.json
test-local.sh		test-local.sh
tsconfig.json		tsconfig.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

AWS Secrets Manager Reader

Usage

Inputs

Outputs

About

Releases

Packages

Languages

License

WiserSolutions/aws-secrets-manager-read-action

Folders and files

Latest commit

History

Repository files navigation

AWS Secrets Manager Reader

Usage

Inputs

Outputs

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages