abhilash1in / aws-secrets-manager-action

Use secrets from AWS Secrets Manager as environment variables in your GitHub Actions workflow
MIT License

secret key/values not injecting into workflows #29

Closed daba-sharhan closed 2 years ago

daba-sharhan commented 2 years ago

I am trying to inject key/values from AWS Secrets Manager with a secret name test/secret. I realize the values are not being injected into the environment variables. This is my sample code to retrieve a token value:

- name: Read secrets from AWS Secrets Manager into environment variables
  uses: abhilash1in/aws-secrets-manager-action@v1.1.0
  id: read-secrets
  with:
    secrets: |
      test/secret
    parse-json: true

- name: Check if env variable is set after fetching secrets
  run: |
    echo "value is ${token}"

abhilash1in commented 2 years ago

@daba-sharhan where is your action running? Do you use self-hosted runners or are you using GitHub-hosted runners? How are you authenticating with AWS? (I don't see any credentials being passed.) You can refer to the README for an example of how to pass AWS credentials + the naming convention to expect/follow.

Also, if your secret is called test/secret and value is {"token": "foo"} and parse-json: true, it will be available as TEST_SECRET_TOKEN environment variable, with value foo. You need to try something like echo $TEST_SECRET_TOKEN and not echo "value is ${token}". However, you may just see something like *** in the GitHub Action logs since GitHub will mask your secret value in the logs to keep it secure.
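
An added example, not part of the original thread or the action's own code: a POSIX shell helper for the check step that derives the expected variable name and confirms it is populated without echoing the value. The mapping rule (uppercase, every character outside A-Z, 0-9 and _ replaced by _) is an assumption generalised from the single test/secret + token case above, and the function names are hypothetical.

```shell
# Assumed mapping, generalised from the thread's one case:
#   secret "test/secret" + JSON key "token" -> TEST_SECRET_TOKEN
secret_env_name() {
  # $1 = secret name, $2 = JSON key (optional, used with parse-json: true)
  raw="$1"
  if [ -n "${2:-}" ]; then
    raw="${1}_${2}"
  fi
  printf '%s' "$raw" | tr '[:lower:]' '[:upper:]' | sed 's/[^A-Z0-9_]/_/g'
}

# Returns 0 if the named variable exists and is non-empty.
# Reports only the name, never the value, so nothing depends on log masking.
secret_is_set() {
  name="$1"
  # Refuse anything that is not a plain variable name before using eval.
  case "$name" in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "invalid variable name" >&2
      return 2
      ;;
  esac
  eval "val=\${$name:-}"
  if [ -n "$val" ]; then
    echo "$name is set"
    return 0
  fi
  echo "$name is NOT set" >&2
  return 1
}

# Constructed sample: pretend the action exported the secret from the thread.
TEST_SECRET_TOKEN="foo"
secret_is_set "$(secret_env_name test/secret token)"
```
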

daba-sharhan commented 2 years ago

@abhilash1in I didn't know I had to do double authentication with AWS. I already had an action that authenticates with AWS and so I omitted passing any credentials in the with block of your Git Action. I just added it and the secrets are passed to the environment variables. But that means double credentials passing?? Thanks for the help

daba-sharhan commented 2 years ago

@abhilash1in The other thing is, how am I passing the secret to my, let's say, --build-arg? Is it going to be $TEST_SECRET_TOKEN or ${TEST_SECRET_TOKEN}?

abhilash1in commented 2 years ago

@daba-sharhan I just released a new version v2.0.0 which supports the native AWS way to authenticate. Using this, you shouldn't have the double authentication issue. Can you please try it out and let me know how it goes?

daba-sharhan commented 2 years ago

@abhilash1in Let me give it a spin and get back. Kudos to you for the quick update and release

daba-sharhan commented 2 years ago

@abhilash1in Hey @abhilash1in. Your new fix works like magic. I no longer use a separate action to authenticate with AWS. Yours is now sufficient with an all-in-one action + aws authentication. Thanks for the cool work.

noelatebid commented 2 years ago

@abhilash1in how do I pass the environment variable? I am trying to call it using ${{ env.variable_name }} but it doesn't populate

abhilash1in commented 2 years ago

@daba-sharhan that’s good to hear! Thank you. Closing this issue.

@noelatebid Please create a new issue with more details on what you’re trying to do and what you’ve done so far. I’m happy to help.