Skip to content

marvinpinto/action-inject-ssm-secrets

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits

dist

dist

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

action.yml

action.yml

 
 

Repository files navigation

AWS SSM Build Secrets for GitHub Actions

This action injects AWS SSM Parameter Store secrets as environment variables into your GitHub Actions builds.

It makes it easier to follow Amazon IAM best practices in respect to principle of least privilege and tracking credentials usage. Combined with the aws-actions/configure-aws-credentials action, this allows you to inject any combination of secrets from multiple stores, using different credential contexts.

Contents

  1. Usage Examples
  2. Supported Parameters
  3. Event Triggers
  4. Versioning
  5. How to get help
  6. License

NOTE: The marvinpinto/action-inject-ssm-secrets repository is an automatically generated mirror of the marvinpinto/actions monorepo containing this and other actions. Please file issues and pull requests over there.

Usage Examples

Inject your production Cloudflare API tokens into a build

---
name: "build-and-invalidate-cf-cache"

on:
  push:
    branches:
      - "master"

jobs:
  ci:
    runs-on: "ubuntu-latest"
    env:
      BUILD_STAGE: "production"

    steps:
      # ...

      - uses: "aws-actions/configure-aws-credentials@v1"
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: "us-east-1"
          role-to-assume: "arn:aws:iam::111111111111:role/build-and-deploy-website"
          role-duration-seconds: 1800 # 30 mins

      - uses: "marvinpinto/action-inject-ssm-secrets@latest"
        with:
          ssm_parameter: "/build-secrets/${{ env.BUILD_STAGE }}/cloudflare-account-id"
          env_variable_name: "cloudflare_account_id"

      - uses: "marvinpinto/action-inject-ssm-secrets@latest"
        with:
          ssm_parameter: "/build-secrets/${{ env.BUILD_STAGE }}/cloudflare-api-token"
          env_variable_name: "cloudflare_api_token"

      - name: "Build & Deploy"
        run: |
          echo "You will now have access to the CLOUDFLARE_ACCOUNT_ID and CLOUDFLARE_API_TOKEN environment variables in all your subsequent build steps"

Supported Parameters

Parameter Description Default
ssm_parameter** The AWS SSM parameter key to look up. null
env_variable_name** The corresponding environment variable name to assign the secret to. null

Notes:

  • Parameters denoted with ** are required.

Versioning

Every commit that lands on master for this project triggers an automatic build as well as a tagged release called latest. If you don't wish to live on the bleeding edge you may use a stable release instead. See releases for the available versions.

- uses: "marvinpinto/action-inject-ssm-secrets@<VERSION>"

How to get help

The main README for this project has a bunch of information related to debugging & submitting issues. If you're still stuck, try and get a hold of me on keybase and I will do my best to help you out.

License

The source code for this project is released under the MIT License. This project is not associated with GitHub or AWS.

About

READONLY: Auto-generated mirror for https://github.com/marvinpinto/actions/tree/master/packages/aws-ssm-secrets

github.com/marketplace/actions/aws-ssm-build-secrets-for-github-actions

Topics

aws ci secrets ssm secrets-management

Resources

Readme

License

MIT license
Activity

Stars

15 stars

Watchers

3 watching

Forks

10 forks
Report repository

Releases 6

Auto-generated release for tag v1.2.1 Latest
Jun 7, 2021
+ 5 releases