-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ActionSecret
and ActionEnvironmentSecret
should support JSON secrets
#22
Comments
Hi @ahammond |
@WtfJoke I was expecting to have to build something like this from scratch, but found this on https://constructs.dev/. Looks like it will be a great solution for my use case! |
Mhm after looking at it in a bit more detail it doesnt seem to possible to use it in a safe way in a Custom Resource (CR). You can only pass primitive values to a CR. I can provide an additional optional param to allow jsonField? to be passed. Or build something similar to a SecretValue (I planned already to build something like that in near future) |
@WtfJoke hmm... Not sure the right way to do this. Maybe add a |
Yeah that would be the easiest for short term. Im thinking of an own SecretValue class. Which supports the same parameters as the SecretValue you posted. In the meantime, your usecase could be possible with the current code. Github Actions support fromJson. So you can put the secret as it is and safe it as a github secret. Do fromJson when you need to use it. You can find the docs here: https://docs.github.com/en/actions/learn-github-actions/expressions#fromjson |
Let me know if it works for you :) |
I have secrets created by https://github.com/time-loop/cdk-user-with-access-key which consist of a JSON blob with two keys. I want to copy both these keys over to a GH Env Secret.
This construct almost does what I need. Would you be open to refactoring it to either work with a https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.SecretValue.html as input or to add intelligence to the lambda so that it detects when the secret is a JSON blob? Maybe have the option to pass undefined as the
repositorySecretName
which tells the lambda that it should parse the inbound secret and publish a number of secrets?The text was updated successfully, but these errors were encountered: