
AWS ECS - How to retrieve specific key from secret manager?


I may be missing something obvious here, but I can't seem to find documentation about retrieving a specific key/value from a secrets manager secret for an ECS task definition.

I have a secret with an ARN like so...

arn:aws:secretsmanager:<region>:<account>:secret:LDAP_Bind_Credentials-abcd

Within this secret I have key/value pairs like so...

LDAP_BIND_USER: <ldap bind user name>
LDAP_BIND_PASSWORD: <ldap bind user password>

What I want to be able to do, is define the environment variables in my task definition LDAP_BIND_USER and LDAP_BIND_PASSWORD, and reference the appropriate key within my secret.

Is this actually possible, or am I supposed to actually do the decoding of the key/value pairs within my program?

The documentation only seems to reference the ARN of the secret itself, not the key/value pairs within the secret.


Solution

  • Using a secret this is not possible, and you have to do the decoding inside the program.

    Generally, when ECS retrieves the secret it gives it to us as a JSON object like {"admin":"admin","pas":"pas"}, and we have to decode it programmatically.

    But another alternative is to make use of the AWS Systems Manager Parameter Store [1] to store secrets; in that case ECS will give you the actual value directly.

    [1] https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html
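As an added example (not part of the original question or answer), here is the in-program decoding the answer describes, in Python: the task definition injects the whole secret as one environment variable, and the application parses the JSON and pulls out the two keys. The account ID, region and variable name `LDAP_BIND_CREDENTIALS` are constructed placeholders. The example also goes one step beyond the answer with `json_key_arn`, which builds the `secret-arn:json-key:version-stage:version-id` form of the ARN that the ECS `secrets` field accepts on platform versions that support JSON-key references; that form lets ECS inject a single key as its own variable, so no decoding is needed in the program.

```python
import json
import os

# Constructed placeholders: hypothetical account ID and region, with the
# secret name from the question.
SECRET_ARN = (
    "arn:aws:secretsmanager:us-east-1:111122223333:secret:"
    "LDAP_Bind_Credentials-abcd"
)

# Shape of the task definition 'secrets' list for the approach in the answer:
# the entire secret (a JSON string) lands in one environment variable.
TASK_DEF_SECRETS_WHOLE = [
    {"name": "LDAP_BIND_CREDENTIALS", "valueFrom": SECRET_ARN},
]


def json_key_arn(secret_arn, json_key, version_stage="", version_id=""):
    """Build the ECS 'json-key' reference for one key of a JSON secret.

    Format: secret-arn:json-key:version-stage:version-id. Leaving the last
    two fields empty (trailing '::') selects the current version.
    """
    return f"{secret_arn}:{json_key}:{version_stage}:{version_id}"


# Same secret, one variable per key, with no decoding in the program.
TASK_DEF_SECRETS_PER_KEY = [
    {"name": "LDAP_BIND_USER", "valueFrom": json_key_arn(SECRET_ARN, "LDAP_BIND_USER")},
    {"name": "LDAP_BIND_PASSWORD", "valueFrom": json_key_arn(SECRET_ARN, "LDAP_BIND_PASSWORD")},
]


def parse_secret_env(env, var_name, required_keys):
    """Decode a whole-secret environment variable into the keys we need.

    Fails loudly (without echoing the secret value) when the variable is
    absent, is not a JSON object, or lacks a required key, so a
    misconfigured task definition is caught at startup rather than at the
    first LDAP bind.
    """
    raw = env.get(var_name)
    if raw is None:
        raise KeyError(f"{var_name} is not set; check the task definition 'secrets' list")
    try:
        data = json.loads(raw)
    except json.JSONDecodeError:
        # A plain-string secret or a Parameter Store value arrives as-is,
        # not as JSON; the caller should use it directly instead.
        raise ValueError(f"{var_name} is not a JSON object") from None
    if not isinstance(data, dict):
        raise ValueError(f"{var_name} is JSON but not an object")
    missing = [k for k in required_keys if k not in data]
    if missing:
        raise KeyError(f"{var_name} is missing keys: {', '.join(missing)}")
    return {k: data[k] for k in required_keys}


if __name__ == "__main__":
    # Constructed stand-in for the container environment ECS would populate.
    fake_env = {
        "LDAP_BIND_CREDENTIALS": json.dumps(
            {"LDAP_BIND_USER": "svc-ldap", "LDAP_BIND_PASSWORD": "example-only"}
        )
    }
    creds = parse_secret_env(
        fake_env, "LDAP_BIND_CREDENTIALS", ["LDAP_BIND_USER", "LDAP_BIND_PASSWORD"]
    )
    # Log only the non-sensitive part.
    print("bind user:", creds["LDAP_BIND_USER"])
    print("per-key task definition entries:", TASK_DEF_SECRETS_PER_KEY)
```

The per-key form avoids ever having the password sit in a variable that also holds the user name, and it keeps the application free of secret-format knowledge; whichever form you use, the task execution role still needs `secretsmanager:GetSecretValue` on that secret ARN, and nothing here should print the password.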