Closed JohnPreston closed 2 years ago
On top of that, in x-secret
, allow to give a custom env var name
secrets:
my-secret:
x-secret:
Name: /some/secret
VarName: MY_VERY_SECRET
if not specified, apply changes to secret: replace('-', '_').upper() + remove all non alpha numeric.
here, my-secret
would become MY_SECRET
The value for MY_VERY_SECRET
would be the secret Name
or the secret ARN (favor the ARN)
It'd make more sense to make the secret available to both the task and execution role by default for "ease of use" and let the user restrict which roles should have access with
LinksTo
when they want to improve security further.