Skip to content
shield

GitHub Action

AWS S3 Env

v1 Latest version

AWS S3 Env

shield

AWS S3 Env

Fetch an `.env`-formatted file from AWS S3, and populate your Github Workflow with its contents

Installation

Copy and paste the following snippet into your .yml file.

 
              
- name: AWS S3 Env

              
  uses: someimportantcompany/github-actions-aws-s3-env@v1
Learn more about this action in someimportantcompany/github-actions-aws-s3-env

Choose a version

AWS S3 ENV

GitHub CICD Coverage

Fetch an .env-formatted file from AWS S3, and populate your Github Workflow with its contents. You can optionally prefix all variable names, or enable variable masking (for secrets).

Usage

# Required, to set AWS credentials for S3
- uses: aws-actions/configure-aws-credentials@v1

- uses: someimportantcompany/github-actions-aws-s3-env@v1
  with:
    from: s3://mybucket/path/to/prod.env
# env.HELLO=world
# env.HTTP_HOST=0.0.0.0
# env.SECRET_KEY=some-important-secret

- uses: someimportantcompany/github-actions-aws-s3-env@v1
  with:
    from: s3://mybucket/path/to/secret.env
    # prefix: MY_SECRETS_
    # masked: true

You must configure the AWS environment with aws-actions/configure-aws-credentials or equivalent, as you cannot fetch files from S3 without credentials (even public files).

Prefixing env vars

Prefix all env var keys, to avoid clashing with existing/other environment variables.

# Required, to set AWS credentials for S3
- uses: aws-actions/configure-aws-credentials@v1

- uses: someimportantcompany/github-actions-aws-s3-env@v1
  with:
    from: s3://mybucket/path/to/prod.env
    prefix: MYPROJECT_
# env.MYPROJECT_HELLO=world
# env.MYPROJECT_HTTP_HOST=0.0.0.0
# env.MYPROJECT_SECRET_KEY=some-important-secret

Masking env vars

Mask all env var values in the Github Workflow console, useful if this contains secrets.

# Required, to set AWS credentials for S3
- uses: aws-actions/configure-aws-credentials@v1

- uses: someimportantcompany/github-actions-aws-s3-env@v1
  with:
    from: s3://mybucket/path/to/secrets.env
    masked: true
# env.HELLO=*****
# env.HTTP_HOST=*******
# env.SECRET_KEY=*********************

Output as list

Instead of writing the env vars to the workflow environment, you can write the values to outputs instead. Useful if passing directly into other List arguments, such as docker/build-push-action's build-arg input.

# Required, to set AWS credentials for S3
- uses: aws-actions/configure-aws-credentials@v1

- uses: someimportantcompany/github-actions-aws-s3-env@v1
  id: env-vars
  with:
    from: s3://mybucket/path/to/build-args.env
    export-env: false
    export-outputs: true
# steps.env-vars.outputs.list: |
#   HELLO=world
#   HTTP_HOST=0.0.0.0
#   SECRET_KEY=some-important-secret

- uses: docker/build-push-action@v4
  with:
    tags: myproject/app:latest
    push: true
    build-args: ${{ steps.env-vars.outputs.list }}

Inputs

Key Description
from Required. An S3 url starting with s3://.
prefix Optionally prefix all injected environment keys to avoid clashing with existing env vars.
masked Optionally set to true to mask all values from output.
export-env Optionally set to false to not write the env vars to the current environment.
export-outputs Optionally set to true to write the env vars to outputs.list.

Notes