[aws-ecr-assets] Unable to provide secrets to DockerImageAsset build from SSM #11623
Labels
@aws-cdk/aws-ecr-assets
Related to AWS CDK Docker Image Assets
bug
This issue is a bug.
effort/medium
Medium work item – several days of effort
p1
Milestone
It is common to include company internal artifacts or require some other integrations when running Docker asset builds.
In our case, we just want to simply install some internal NPM packages when building the components.
Using
buildArgs
ofDockerImageAsset
for reading parameters from the SSM Secure Strings does not seem to be supported?This is also somewhat related to #10151 as the internal repositories can only be accessed via VPC connections.
Workaround
The pipeline setup contains:
The asset image build uses the provided NPM_TOKEN:
What did you expect to happen?
We'd like to have a documented way of providing some secrets to the DockerImageAsset.
What actually happened?
The provided secret is printed to the build log without masking it, which is not optimal.
Environment
Other
This is 🐛 Bug Report
The text was updated successfully, but these errors were encountered: