[FR] `secrets` should be available to both task and exec roles by default

compose-x / ecs_composex

Manage, Configure and Deploy your services and AWS services and applications from your docker-compose definitions

https://docs.compose-x.io

Mozilla Public License 2.0

160 stars 16 forks source link

[FR] `secrets` should be available to both task and exec roles by default #635

Closed JohnPreston closed 2 years ago

JohnPreston commented 2 years ago

It'd make more sense to make the secret available to both the task and execution role by default for "ease of use" and let the user restrict which roles should have access with LinksTo when they want to improve security further.

JohnPreston commented 2 years ago

On top of that, in x-secret, allow to give a custom env var name


secrets:
  my-secret:
    x-secret:
      Name: /some/secret
      VarName: MY_VERY_SECRET

if not specified, apply changes to secret: replace('-', '_').upper() + remove all non alpha numeric. here, my-secret would become MY_SECRET

The value for MY_VERY_SECRET would be the secret Name or the secret ARN (favor the ARN)