Skip to content

dwardu89/aws-ssm-parameter-store

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

48 Commits

.github

.github

 
 

dist

dist

 
 

node_modules

node_modules

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

action.yml

action.yml

 
 

index.js

index.js

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

Repository files navigation

AWS SSM Parameter Store GitHub Action

This GitHub Action allows you to inject parameters into AWS Systems Manager Parameter Store. It was created to solve the problem of secret management when using infrastructure as code.

Terraform requires extra work in order to secure your state file because the secret is stored as plain text. This would require you to encrypt/decrypt the statefile when you are modifying state.

CloudFormation requires you to store it before you can reference it.

This action helps solve this problem by allowing the user to provide the path and the value that wants to be stored in a GitHub Action and the value can be passed in as a secret from the github actions. Pair this with the Environments feature and you can have a GitHub Action CI that also manages secrets.

Inputs

aws-region

Required The AWS Region to use.

ssm-path

Required The value to be stored in the SSM Parameter Store Path.

ssm-value

Required The value to be stored in the SSM Parameter Store Path.

ssm-value-description

Optional A description of the value being inserted into SSM.

ssm-value-type

Optional The value type to store the SSM Parameter (String | StringList | SecureString). Default SecureString.

ssm-value-overwrite

Optional To overwrite the value of the SSM Parameter when inserting. Default true.

ssm-kms-key-id

Optional The AWS KMS Key ARN to use to encrypt the key. Default uses the AWS Provided KMS Key ID .

Example usage

name: store_secret
on:
  pull_request:
    branches:
      - master
jobs:
  add_to_ssm:
    runs-on: ubuntu-latest
    name: Store a Secret
    steps:
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1
      - name: Add hello SecureString to SSM
        uses: dwardu89/aws-ssm-parameter-store@latest
        with:
          ssm-path: "/dwardu89/hello"
          ssm-value: ${{ secrets.WORLD }}
          aws-region: eu-west-1
          ssm-value-type: "String"

Required IAM Permissions

In order to use this, your AWS User/Role must allow the ssm:PutParameter action.

e.g.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PutSSMParameters",
      "Effect": "Allow",
      "Action": "ssm:PutParameter",
      "Resource": ["arn:aws:ssm:eu-west-1:1234567890:parameter/dwardu89/hello"]
    }
  ]
}

Local Testing

To test this action locally, you can use act

  1. Install act
  2. Make your AWS credentials accessible as variables on your command line. export AWS_ACCESS_KEY_ID="wasd"
  3. Run the command below.
act -j local_test_store_ssm --secret AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID --secret AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY --secret SSM_PATH="/joshghent/helloworld" --secret SSM_VALUE="hello"

Credit

Original code by @dwardu89

About

A GitHub Action to store parameters into AWS Systems Manager Parameter Store.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

10 stars

Watchers

2 watching

Forks

10 forks
Report repository

Releases 11

v2.0.2 🌈 Latest
Oct 26, 2022
+ 10 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages