npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

aws-secrets-manager-actions

v2.2.1

Published

GitHub Actions for AWS Secrets Manager

Downloads

17

Readme

AWS Secrets Manager Actions

npm version GitHub Actions Test GitHub Actions Release GitHub license

This GitHub Action lets you export secrets stored in AWS Secrets Manager to environment values in your GitHub runner.

Usage

Add the AWS IAM keys and the secret name that you want to use from your AWS Secrets Manager secrets list to your GitHub repo secrets. Then, in the GitHub actions yaml, add the following step.

  1. Using github openid-connect (Recommended)
steps:
 - name: Store ENV from AWS SecretManager
   uses: say8425/aws-secrets-manager-actions@v2
   with:
     AWS_DEFAULT_REGION: "YOUR-AWS-REGION"
     SECRET_NAME: ${{ env.SECRET_NAME }}
     OUTPUT_PATH: '.env' # optional
  1. Using github secrets
steps:
 - name: Export ENV from AWS SecretManager
   uses: say8425/aws-secrets-manager-actions@v2
   with:
     AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
     AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
     SECRET_NAME: ${{ secrets.SECRET_NAME }}
     OUTPUT_PATH: '.env' # optional

AWS IAM

You need an AWS IAM user that has policies to access/read the AWS Secrets Manager secret. Add this IAM user's access id/keys as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and region as AWS_DEFAULT_REGION in your repo's GitHub Secrets.

Policy

An example policy to provide the permissions to the user is given below:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "secretsmanager:GetSecretValue",
            "Resource": "*"
        }
    ]
}

We recommend being more specific with the Resource in the policy by adding the secret ARN.

Get more information at AWS User Guide.

Secret Name

This is the secret name that you want to read the secrets from. Only one secret name is supported.

Environment Values

Your secrets will be exported as environment values into the github runner. These environment values are masked with *** in logs in the GitHub Actions for security purposes.

Raw string values

Most of the secrets can be parsed. However, in some case, parsing of secrets can fail. An example case is an invalid json. In such cases, the unparsed raw sting is stored in asm_secret env key.

Export environment variables to file

The environment variables can also be exported to a file with OUTPUT_PATH input parameter. When OUTPUT_PATH is defined, the GitHub action writes the environment variables to the specified filename.

Contributing

Your contributions are always welcome! Feel free to check issues or Pull Requests

License

This project is MIT licensed.