We have a node application running in ECS and have local credentials in the .env file but we don't want to load credentials from the .env file due to security. Rather, we want those to be injected by AWS into the container environment. We don't want to use AWS SDK to fetch secrets in a node application. Is there any way to inject all secrets into the container environment?
Yes, you can specify where to get secrets in your container definitions. Here is a snippet example:
{
  "containerDefinitions": [{
    "secrets": [{
      "name": "environment_variable_name",
      "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name-AbCdEf"
    }]
  }]
}
Here is the full documentation. You'll also need to allow the scheduler (execution role) to read these secrets and set your resource policy for the secret to allow the required principal to get those secrets.
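The answer above says the execution role must be allowed to read the secrets. As an added example (not part of the original answer and not AWS's own code), this Node.js script derives a narrowly scoped execution-role policy from a task definition's `secrets` entries. The account ID, secret names and function names are constructed for illustration, and requiring full ARNs in `valueFrom` is this example's own choice.

```javascript
// Constructed sample: placeholder account ID and secret names, not real resources.
const taskDefinition = {
  containerDefinitions: [{
    name: "app",
    secrets: [
      { name: "DB_PASSWORD", // one JSON key of a secret (json-key:version-stage:version-id)
        valueFrom: "arn:aws:secretsmanager:eu-west-1:111122223333:secret:prod/db-AbCdEf:password::" },
      { name: "API_KEY",
        valueFrom: "arn:aws:secretsmanager:eu-west-1:111122223333:secret:prod/api-GhIjKl" },
      { name: "LOG_LEVEL", // SSM Parameter Store parameter
        valueFrom: "arn:aws:ssm:eu-west-1:111122223333:parameter/prod/log-level" },
    ],
  }],
};

// Map a valueFrom to the ARN that IAM must allow. A Secrets Manager ARN has
// seven colon-separated fields; the optional json-key/stage/id suffix is dropped.
function secretResourceArn(valueFrom) {
  const parts = valueFrom.split(":");
  if (parts[0] !== "arn" || parts.length < 6) {
    // Assumption of this example: insist on full ARNs so the policy can be scoped.
    throw new Error(`valueFrom is not a full ARN: ${valueFrom}`);
  }
  const service = parts[2];
  if (service === "secretsmanager") return { service, arn: parts.slice(0, 7).join(":") };
  if (service === "ssm") return { service, arn: valueFrom };
  throw new Error(`unsupported secret source: ${service}`);
}

// Build the policy document to attach to the task execution role.
// A secret encrypted with a customer managed KMS key also needs kms:Decrypt on that key.
function executionRolePolicy(taskDef) {
  const actions = { secretsmanager: "secretsmanager:GetSecretValue", ssm: "ssm:GetParameters" };
  const byService = {};
  for (const container of taskDef.containerDefinitions) {
    for (const secret of container.secrets || []) {
      const { service, arn } = secretResourceArn(secret.valueFrom);
      byService[service] = byService[service] || new Set();
      byService[service].add(arn);
    }
  }
  const Statement = Object.keys(byService).sort().map((service) => ({
    Effect: "Allow",
    Action: actions[service],
    Resource: [...byService[service]].sort(),
  }));
  return { Version: "2012-10-17", Statement };
}

console.log(JSON.stringify(executionRolePolicy(taskDefinition), null, 2));
```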