GitHub Actions - pass secret variables to render ECS task definition action

In order to deploy a new task to ECS I'm using the amazon-ecs-render-task-definition GitHub action. This action receives a task-definition.json as a parameter. This JSON contains secrets that I don't want to push. Is there a way to inject some parameter into this JSON? Maybe from AWS Secrets Manager?

For example - task-definition.json

    {
      "containerDefinitions": [
        {
          "name": "wordpress",
          "links": [],
          "image": "wordpress",
          "essential": true,
          "portMappings": [
            {
              "containerPort": 80,
              "hostPort": 80
            }
          ],
          "memory": 500,
          "cpu": 10
        },
        {
          "environment": [
            {
              "name": "MYSQL_ROOT_PASSWORD",
              "value": "password" // IT'S A SECRET!
            }
          ],
          "name": "mysql",
          "image": "mysql",
          "cpu": 10,
          "memory": 500,
          "essential": true
        }
      ],
      "family": "hello_world"
    }


  • Apparently there is a built-in solution for using AWS Secrets Manager secrets:

    "secrets": [
        {
            "name": "DATABASE_PASSWORD",
            "valueFrom": "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter"
        }
    ]
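
A check that could run in CI before the task definition is rendered, written as an added example and not part of the original question or answer: it flags sensitive variables stored inline under `environment` and rewrites them as `secrets` entries with a `valueFrom` ARN. The function names, the name pattern and the extra `MYSQL_DATABASE` variable are assumptions made for illustration; the ARN is the placeholder from the answer above.

```python
import copy
import re

# Constructed sample: the mysql container from the question's task definition,
# plus one non-sensitive variable (MYSQL_DATABASE) added for contrast.
TASK_DEF = {
    "family": "hello_world",
    "containerDefinitions": [{
        "name": "mysql",
        "image": "mysql",
        "environment": [
            {"name": "MYSQL_ROOT_PASSWORD", "value": "password"},
            {"name": "MYSQL_DATABASE", "value": "wordpress"},
        ],
    }],
}

# Assumption: which variable names count as sensitive is a local policy choice.
SENSITIVE = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.IGNORECASE)


def find_plaintext_secrets(task_def):
    """Return (container, variable) pairs whose sensitive value sits inline."""
    return [(c["name"], e["name"])
            for c in task_def.get("containerDefinitions", [])
            for e in c.get("environment", [])
            if SENSITIVE.search(e["name"])]


def move_to_secrets(task_def, arn_for):
    """Return a copy with sensitive variables referenced through "secrets".
    arn_for maps variable name -> ARN of an existing parameter or secret.
    A missing mapping raises KeyError instead of leaving the value in the file.
    """
    out = copy.deepcopy(task_def)
    for c in out.get("containerDefinitions", []):
        inline = c.get("environment", [])
        c["environment"] = [e for e in inline if not SENSITIVE.search(e["name"])]
        for e in inline:
            if SENSITIVE.search(e["name"]):
                c.setdefault("secrets", []).append(
                    {"name": e["name"], "valueFrom": arn_for[e["name"]]})
    return out


if __name__ == "__main__":
    arn = "arn:aws:ssm:us-east-1:awsExampleAccountID:parameter/awsExampleParameter"
    print(find_plaintext_secrets(TASK_DEF))
    print(move_to_secrets(TASK_DEF, {"MYSQL_ROOT_PASSWORD": arn}))
```

ECS resolves `valueFrom` when the container starts, so the task execution role must be allowed to read the referenced parameter or secret.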