I have a Dockerfile in the project which, during build of an image, needs to pull something from a private GitHub repository. Hence I need to pass it a GitHub token. Building this way locally is all fine.
However I need to achieve this in CodePipeline in cdk to deploy a Lambda. So in one of the stacks I use:
    DockerImageFunction(self, "SomeId",
        code=DockerImageCode.from_image_asset(
            directory='some-dir',
            build_args={
                "GITHUB_TOKEN": aws_cdk.core.SecretValue.secrets_manager('github-token').to_string(),
            },
        )
    )
(see API reference here)
This gives me an error:
jsii.errors.JSIIError: Cannot use tokens in keys or values of "buildArgs" since they are needed before deployment
Also the linked reference says:
Since Docker build arguments are resolved before deployment, keys and values cannot refer to unresolved tokens
In such a case, how do I pass the GitHub token, which is stored in Secrets Manager in the AWS account, to the Docker build?
For this to work you have to have the token present during synthesis time (as you correctly mention). A good practice is to have these tokens provided by your CI/CD as environment variables during your builds.
For CodeBuild you can specify the variables in the console; a variable can be internally stored in SecretsManager. More in the docs and on this blog.
Hope this helps a little 🙂
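A sketch of the approach in the answer above, as an added example that is not part of the original posts: the token is read from the environment when the app is synthesized, so `build_args` receives a concrete string instead of a CDK token. The helper names `github_build_args` and `add_function` are hypothetical, and the code assumes the CodeBuild project running the synth step defines `GITHUB_TOKEN` as an environment variable backed by the `github-token` secret.

```python
import os
import re

# CDK renders unresolved values (such as
# SecretValue.secrets_manager(...).to_string()) as placeholder strings of
# this shape; these are what the "buildArgs" check in the question rejects.
_CDK_TOKEN = re.compile(r"\$\{Token\[[^\]]+\]\}")


def github_build_args(env=None, var="GITHUB_TOKEN"):
    """Return Docker build args with the token taken from the synth-time env.

    Hypothetical helper: fails early with a clear message instead of letting
    an empty or unresolved value reach the Docker build.
    """
    env = os.environ if env is None else env
    token = env.get(var, "").strip()
    if not token:
        raise RuntimeError(f"{var} is not set; export it in the CI job before 'cdk synth'")
    if _CDK_TOKEN.search(token):
        raise ValueError(f"{var} holds an unresolved CDK token, not a concrete value")
    return {var: token}


def add_function(scope):
    """The construct from the question, now with a concrete build arg."""
    # Imported lazily so the helper above can be exercised without the CDK
    # installed; module paths follow the CDK v1 layout used in the question.
    from aws_cdk.aws_lambda import DockerImageCode, DockerImageFunction

    return DockerImageFunction(
        scope, "SomeId",
        code=DockerImageCode.from_image_asset(
            directory="some-dir",
            build_args=github_build_args(),
        ),
    )
```

Values passed as Docker build arguments can be recovered from the built image with `docker history`, so a token supplied this way should be narrowly scoped and rotated.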