Set AWS Secret Manager value in docker environment

Time:04-01

We have a Node application running in ECS and have local credentials in the .env file, but we don't want to load credentials from the .env file for security reasons. Rather, we want them to be injected by AWS into the container environment. We don't want to use the AWS SDK to fetch secrets in the Node application. Is there any way to inject all secrets into the container environment?

CodePudding user response:

Yes, you can specify where to get secrets in your container definitions. Here is an example snippet:

{
  "containerDefinitions": [{
    "secrets": [{
      "name": "environment_variable_name",
      "valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name-AbCdEf"
    }]
  }]
}

Here is the full documentation. You'll also need to allow the scheduler (the execution role) to read these secrets, and set the resource policy on the secret to allow the required principal to get them.

CodePudding user response:

Yes, you can specify sensitive data to be automatically fetched and injected into your container.

You do this using the secrets parameter of your Task Definition:

Amazon ECS enables you to inject sensitive data into your containers by storing your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then referencing them in your container definition.
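Both answers above point at the same two pieces: the secrets list in the container definition, and an execution role that is allowed to read exactly those secrets. The following is an added example (not code from either answer or from AWS) that generates both from a list of secret references. It assumes a Fargate task called prod-api, made-up account ID 123456789012, made-up secret and parameter ARNs, and a made-up execution role; the secret_ref, task_definition, execution_role_policy and check_policy_scoped helpers are this example's own names. It also shows the Secrets Manager json-key suffix on valueFrom, which lets ECS inject a single key of a JSON secret instead of the whole blob, and scopes the IAM policy to the base secret ARN rather than to Resource "*".

```python
"""Build an ECS task definition that injects secrets via the "secrets"
parameter, plus the matching least-privilege execution-role policy.
Added example for this thread; every ARN, name and role below is made up."""
import json
import re

# Secrets Manager ARN, optionally followed by :json-key:version-stage:version-id.
SECRETSMANAGER_ARN = re.compile(
    r"^arn:aws:secretsmanager:[a-z0-9-]+:\d{12}:secret:[^:]+(:[^:]*){0,3}$"
)
# SSM Parameter Store ARN (ECS also accepts these in valueFrom).
SSM_ARN = re.compile(r"^arn:aws:ssm:[a-z0-9-]+:\d{12}:parameter/.+$")


def secret_ref(env_name, arn, json_key=None):
    """One entry of containerDefinitions[].secrets.

    env_name: environment variable the container will see at start-up.
    arn:      full Secrets Manager or SSM parameter ARN (we insist on ARNs so
              the policy below can be scoped to them).
    json_key: for a JSON secret in Secrets Manager, inject only this key.
    """
    if SECRETSMANAGER_ARN.match(arn):
        if json_key:
            # ECS key selection syntax: arn:...:secret:name-AbCdEf:json-key::
            arn = f"{arn}:{json_key}::"
    elif SSM_ARN.match(arn):
        if json_key:
            raise ValueError("json-key selection only works for Secrets Manager")
    else:
        raise ValueError(f"not a Secrets Manager or SSM parameter ARN: {arn}")
    return {"name": env_name, "valueFrom": arn}


def base_secret_arn(value_from):
    """Drop the optional :json-key:version-stage:version-id suffix so the IAM
    policy names the secret itself (first seven colon-separated fields)."""
    return ":".join(value_from.split(":")[:7])


def task_definition(family, image, secrets, execution_role_arn):
    """Fargate task definition; nothing sensitive goes in "environment"."""
    container = {
        "name": family,
        "image": image,
        "essential": True,
        "environment": [{"name": "NODE_ENV", "value": "production"}],
        # Resolved by the ECS agent when the task starts, not by the app.
        "secrets": secrets,
    }
    return {
        "family": family,
        "networkMode": "awsvpc",
        "requiresCompatibilities": ["FARGATE"],
        "cpu": "256",
        "memory": "512",
        "executionRoleArn": execution_role_arn,
        "containerDefinitions": [container],
    }


def execution_role_policy(secrets, kms_key_arns=()):
    """Policy for the *execution* role: it is the ECS agent that fetches the
    secrets, so only this role needs read access, scoped to the exact ARNs."""
    sm = sorted({base_secret_arn(s["valueFrom"]) for s in secrets
                 if s["valueFrom"].startswith("arn:aws:secretsmanager:")})
    ssm = sorted({s["valueFrom"] for s in secrets
                  if s["valueFrom"].startswith("arn:aws:ssm:")})
    statements = []
    if sm:
        statements.append({"Effect": "Allow",
                           "Action": ["secretsmanager:GetSecretValue"],
                           "Resource": sm})
    if ssm:
        statements.append({"Effect": "Allow",
                           "Action": ["ssm:GetParameters"],
                           "Resource": ssm})
    if kms_key_arns:
        # Only needed when the secret is encrypted with a customer managed
        # KMS key instead of the AWS managed default key.
        statements.append({"Effect": "Allow", "Action": ["kms:Decrypt"],
                           "Resource": sorted(kms_key_arns)})
    return {"Version": "2012-10-17", "Statement": statements}


def check_policy_scoped(policy):
    """Return False if any statement falls back to a wildcard Resource."""
    for st in policy["Statement"]:
        res = st["Resource"]
        res = [res] if isinstance(res, str) else res
        if any(r == "*" or r.endswith(":*") for r in res):
            return False
    return True


# Constructed sample: a Node app needing DB credentials and an API key.
SAMPLE_SECRETS = [
    secret_ref("DB_USER",
               "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf",
               json_key="username"),
    secret_ref("DB_PASSWORD",
               "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf",
               json_key="password"),
    secret_ref("API_KEY",
               "arn:aws:ssm:us-east-1:123456789012:parameter/prod/api_key"),
]
EXEC_ROLE = "arn:aws:iam::123456789012:role/prod-api-execution"

if __name__ == "__main__":
    td = task_definition("prod-api", "123456789012.dkr.ecr.us-east-1.amazonaws.com/prod-api:1.0",
                         SAMPLE_SECRETS, EXEC_ROLE)
    pol = execution_role_policy(SAMPLE_SECRETS)
    print(json.dumps(td, indent=2))
    print(json.dumps(pol, indent=2))
    print("policy scoped to named resources:", check_policy_scoped(pol))
```

Write the two JSON documents out and register them with `aws ecs register-task-definition --cli-input-json file://taskdef.json` and `aws iam put-role-policy` on the execution role. Two caveats: the resource policy on the secret itself (if it has one) must also allow the execution role, as the first answer notes, and the injected values are ordinary environment variables once the container starts, so they are visible to anything that can read the process environment (for example ECS Exec into the task).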
