Fetch Secrets from AWS Secrets Manager #11
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Fetch Secrets from AWS Secrets Manager | |
on: | |
workflow_dispatch: | |
permissions: | |
id-token: write | |
contents: read | |
jobs: | |
fetch-secrets: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials from OIDC | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.ROLE_ARN }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Fetch secret from AWS Secrets Manager | |
id: fetch-secret | |
run: | | |
secret_value=$(aws secretsmanager get-secret-value --secret-id ${{ secrets.SECRET_NAME }} --query SecretString --output text) | |
echo "::set-output name=secret_value::$secret_value" | |
- name: setup environment | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name : Use the secret | |
run: | | |
echo "Using secret in the job: ${{ steps.fetch-secret.outputs.secret_value }}" | |
echo "SECRETS=${{ steps.fetch-secret.outputs.secret_value }}" >> $GITHUB_ENV # Store the secret in an environment variable | |
- name: Run Python script with API secret | |
run: python3 github-api.py | |
env: | |
API_SECRET: ${{ env.SECRETS }} | |