Feature Request: Support for Key-Value Pair Extraction from AWS Secrets Manager in ecspresso

[zaru]

Thank you for the amazing plugin
#618

In addition to plain text, AWS Secrets Manager also supports key-value pairs. Using the key-value format allows us to specify arbitrary keys and assign them to ECS environment variables. It would be convenient if ecspresso could support this feature.

By appending :key_name:: to the end of the Secrets Manager ARN, you can extract just the value of the specified key.

arn:aws:secretsmanager:region:000:secret:name-XXXX:HOGE_KEY::

ref: https://docs.aws.amazon.com/ja_jp/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html#secrets-envvar-secrets-manager-update-container-definition

Currently, all key-value pairs are inserted into a single environment variable in JSON format, which is inconvenient as it requires additional handling on the application side.

I would appreciate it if you could consider this feature.

[fujiwara]

@zaru Thank you for the feature request!

Consider a workaround to look up the JSON key in the value of the secret as below currently.

{
  "name": "HOGE_KEY",
  "valueFrom": "{{ secretsmanager_arn `name` }}:HOGE_KEY::"
}

I'm trying to expand the syntax of the secretsmanager_arn function, but that workaround may be simple and enough in practical.

[zaru]

@fujiwara Thank you! I hadn't noticed that way of writing it... I was able to successfully retrieve the value.