Skip to content

t-botz/aws-secrets-manager-read-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

196 Commits

.github

.github

 
 

dist

dist

 
 

src

src

 
 

.eslintignore

.eslintignore

 
 

.eslintrc.json

.eslintrc.json

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

.prettierignore

.prettierignore

 
 

.prettierrc.json

.prettierrc.json

 
 

CODEOWNERS

CODEOWNERS

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

action.yml

action.yml

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

test-local.sh

test-local.sh

 
 

tsconfig.json

tsconfig.json

 
 

Repository files navigation

typescript-action status

AWS Secrets Manager Reader

Use this action to read a secret value from AWS Secret Manager.

This action assume that:

Usage

Assuming we have define in AWS Secret Manager a secret foo/bar with the following content:

{
  "MY_SECRET": "123456"
}
- uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-region: us-east-1
- name: Retrieve Secrets
  id: secrets
  uses: t-botz/aws-secrets-manager-read-action@v2
  with:
    secret-id: foo/bar
    mask-json-values: true
    keys-as-env-vars: true
    keys-as-outputs: true
    append-to-env-file: ./my.env
- name: Use Secret
  run: |
    # Will actually display '***' as secret will be masked in output
    echo "${{ fromJSON(steps.secrets.outputs.secret).MY_SECRET }}"

    # Same result thanks to `keys-as-outputs: true`
    echo "${{ steps.secrets.outputs.MY_SECRET }}"

    # Same result thanks to `keys-as-env-vars: true`
    echo "$MY_SECRET"
    
    # Show secret from env file
    cat ./my.env

Inputs

Name Type Description
secret-id String Refer to AWS Documention
version-id String Refer to AWS Documention
version-stage String Refer to AWS Documention
mask-value Boolean (Default true) Mask the whole secret value return by AWS.
mask-json-values Boolean (Default false) Assume the secret is a JSON object and mask all JSON object values, even the nested ones
keys-as-env-vars Boolean (Default false) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with ${{ env.MY_SECRET }}.
keys-as-outputs Boolean (Default false) Assume the secret is a JSON object and export the keys as env variables. Can then be accessed with ${{ steps.<id_of_steps>.outputs.MY_SECRET }}.
append-to-env-file Boolean (Default '') 'Assume the secret is a JSON object and append the key values in an env file. The value is the path to the file.

Outputs

Name Type Description
secret String SecretString as returned by AWS API
<key> String If keys-as-outputs, each json key of the secret will become an output

About

Github Action to read a secret value from AWS Secret Manager

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 9

v2.1.4 Latest
Jun 8, 2023
+ 8 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages