abhilash1in / aws-secrets-manager-action

Use secrets from AWS Secrets Manager as environment variables in your GitHub Actions workflow
MIT License

Variables aren't exported #28

Closed jgoux closed 2 years ago

jgoux commented 2 years ago

Hello,

I'm trying this GitHub action on a JSON (key/values) secret stored in AWS Secrets Manager.

Here is how I use it:

    # Load environment variables from AWS Secrets Manager
    - name: Read secrets from AWS Secrets Manager into environment variables
      uses: abhilash1in/aws-secrets-manager-action@v1.1.0
      with:
        aws-access-key-id: ${{ inputs.aws-access-key-id }}
        aws-secret-access-key: ${{ inputs.aws-secret-access-key }}
        aws-region: eu-west-3
        # "vite" is a key-value secret containing all the client environment variables
        secrets: |
          vite
        parse-json: true

    # Create the client .env file
    - name: Create client .env file
      run: |
        echo "VITE_AUTH0_AUDIENCE=$VITE_AUTH0_AUDIENCE" >> ./packages/client/.env
        echo "VITE_AUTH0_CLIENT_ID=$VITE_AUTH0_CLIENT_ID" >> ./packages/client/.env
        echo "VITE_AUTH0_DOMAIN=$VITE_AUTH0_DOMAIN" >> ./packages/client/.env
        echo "VITE_GOOGLEMAP_KEY=$VITE_GOOGLEMAP_KEY" >> ./packages/client/.env
        echo "VITE_SENTRY_DSN=$VITE_SENTRY_DSN" >> ./packages/client/.env
        echo "VITE_SENTRY_ORG_SLUG=$VITE_SENTRY_ORG_SLUG" >> ./packages/client/.env
        echo "VITE_FULLSTORY_ORG_ID=$VITE_FULLSTORY_ORG_ID" >> ./packages/client/.env
        echo "VITE_FIREBASE_API_KEY=$VITE_FIREBASE_API_KEY" >> ./packages/client/.env
        echo "VITE_FIREBASE_APP_ID=$VITE_FIREBASE_APP_ID" >> ./packages/client/.env
        echo "VITE_FIREBASE_AUTH_DOMAIN=$VITE_FIREBASE_AUTH_DOMAIN" >> ./packages/client/.env
        echo "VITE_FIREBASE_MEASUREMENT_ID=$VITE_FIREBASE_MEASUREMENT_ID" >> ./packages/client/.env
        echo "VITE_FIREBASE_MESSAGING_SENDER_ID=$VITE_FIREBASE_MESSAGING_SENDER_ID" >> ./packages/client/.env
        echo "VITE_FIREBASE_PROJECT_ID=$VITE_FIREBASE_PROJECT_ID" >> ./packages/client/.env
        echo "VITE_FIREBASE_STORAGE_BUCKET=$VITE_FIREBASE_STORAGE_BUCKET" >> ./packages/client/.env
        echo "VITE_FIREBASE_VAPIDKEY=$VITE_FIREBASE_VAPIDKEY" >> ./packages/client/.env
        echo "VITE_PDFTRON_LICENSE_KEY=$VITE_PDFTRON_LICENSE_KEY" >> ./packages/client/.env
        echo "VITE_RELEASE=${{ env.RELEASE }}" >> ./packages/client/.env
        echo "VITE_TWICPICS_CLOVIS_CDN=$VITE_TWICPICS_CLOVIS_CDN" >> ./packages/client/.env
        echo "VITE_TWICPICS_DOMAIN=$VITE_TWICPICS_DOMAIN" >> ./packages/client/.env
        echo "VITE_STREAM_CHAT_API_KEY=$VITE_STREAM_CHAT_API_KEY" >> ./packages/client/.env
      shell: bash

The issue I have is that all the environment variables seem undefined.

My secret is called "vite" and its content is like this:

[Screenshot 2022-02-07 at 09 50 51]

I'm not sure what I'm missing. I also activated GitHub Actions debugging but I had no particular debug log for this action.

Also, note that I already use your GitHub action for another non-JSON secret on the exact same AWS account, and it works as expected.

I also tried the ${{ env.VITE_SENTRY_ORG_SLUG }} form without success (the values are all empty).

Thanks for your help. 🤞

daba-sharhan commented 2 years ago

@jgoux Have you found a fix? I'm struggling to even use this action. I have a secret named test/secret with several key/values in it such as token and its value. How do I retrieve those key/values into my GitHub Actions workflow? When I try to echo the value, I see nothing, meaning the secret value is actually not being injected??

    - name: Read secrets from AWS Secrets Manager into environment variables
      uses: abhilash1in/aws-secrets-manager-action@v1.1.0
      id: read-secrets
      with:
        secrets: |
          test/secret
        parse-json: true

    - name: Check if env variable is set after fetching secrets
      run: |
        echo "test secret is ${token}"

jgoux commented 2 years ago

@daba-sharhan I didn't find a solution in my case yet, but in yours, you have to follow their naming convention so your token would be available under the name TEST_SECRET_TOKEN.

daba-sharhan commented 2 years ago

@jgoux Right. None of those work. If they could have a working example just to show us, that would have been great. I am leaning towards using this action because it seems to have more stars than the others out there, proving its stability.

abhilash1in commented 2 years ago

@jgoux your usage looks right to me, not sure why it's not working for you. Are you sure you're using the right values for aws-access-key-id, aws-secret-access-key and aws-region? Are you sure your secret is called vite on AWS Secrets Manager and resides in eu-west-3?

Can you also try something like,

    - name: Create client .env file
      run: |
        echo "VITE_AUTH0_AUDIENCE=${{ env.VITE_AUTH0_AUDIENCE }}" >> ./packages/client/.env

This is the alternate way to access environment variables (as described here).

I've also sent you an InMail on LinkedIn to chat about this and help you troubleshoot further.

abhilash1in commented 2 years ago

> I also activated Github action debugging but I had no particular debug log for this action

How did you enable debug logging? You need to set a secret called ACTIONS_STEP_DEBUG with value true (as per documentation).

jgoux commented 2 years ago

I was passing the wrong account credentials so the secrets didn't exist on this particular account. 🤦 Thanks @abhilash1in for the help!
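
Added example (not part of the thread or the action's code): a guard to run between the secrets action and the `.env` step, so the job stops when the expected variables are empty, as they were here with the wrong account's credentials, instead of writing blank values. `expected_var_name` and `missing_vars` are hypothetical helper names, the naming rule generalizes the single TEST_SECRET_TOKEN case quoted in the thread and is an assumption, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: guard step between the secrets action and the .env step.

# Derive the variable name for a parsed JSON key, following the convention
# quoted in the thread (test/secret + token -> TEST_SECRET_TOKEN).
# Assumption: upper-case, and every character outside [A-Z0-9_] becomes "_".
expected_var_name() {
  printf '%s_%s' "$1" "$2" | tr '[:lower:]' '[:upper:]' | tr -c 'A-Z0-9_' '_'
}

# Print the names (never the values) of variables that are unset or empty.
# Returns 0 when all are set, 1 when any is missing, 2 on an invalid name.
missing_vars() {
  _mv_missing=0
  for _mv_name in "$@"; do
    # Reject anything that is not a plain identifier before using eval.
    case "$_mv_name" in
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "invalid variable name: $_mv_name" >&2
        return 2 ;;
    esac
    eval "_mv_value=\${$_mv_name:-}"
    if [ -z "$_mv_value" ]; then
      printf '%s\n' "$_mv_name"
      _mv_missing=1
    fi
  done
  return "$_mv_missing"
}

# Constructed demo: one variable loaded, one left empty.
TEST_SECRET_TOKEN='constructed-value'
VITE_AUTH0_AUDIENCE=''
if ! report=$(missing_vars "$(expected_var_name test/secret token)" VITE_AUTH0_AUDIENCE); then
  # Only names are logged, so no secret value reaches the job log.
  echo "Secrets not loaded, refusing to write .env. Missing: $report" >&2
fi
```

In a workflow step, follow the message with `exit 1` so the job fails before the `.env` file is written. Running `aws sts get-caller-identity` before the action shows which account the supplied credentials resolve to.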