I am trying to use a secret stored in AWS Secrets Manager in my ECS Task Definition. I am able to correctly retrieve the secret, as it exists if I SSM into my running container.
However, the env variable is not being populated correctly. Here is how I am configuring the secret in the task definition:
"secrets": [
  {
    "name": "test_secret",
    "valueFrom": "arn:aws:secretsmanager:<region>:<acc-id>:secret:<some-secret-id>"
  }
]
When I SSM into the container, and try to echo the env var I get this: {"key-of-secret":"value-of-secret"}, instead of the env variable having the value of the secret.
I have followed the documentation from AWS, but without any success.
Has anyone encountered this before? I am trying to set the env variable (specified here as test_secret) to the value of the actual secret (specified here as value-of-secret).
Managed to solve this one with extra digging.
The issue is that the secrets manager pulls in the entire secret, which in my case was all of the key-value pairs in that secret, but with only 1 entry: {"key-of-secret":"value-of-secret"}.
In order to access a specific key, and thus retrieve the actual secret value, some extra configuration on the secret ARN needs to be made.
The ARN needs to include the secret's key name you wish to access, appended onto the complete ARN as follows: ::: .
Finally, the updated task definition would look as follows:
"secrets": [
  {
    "name": "test_secret",
    "valueFrom": "arn:aws:secretsmanager:<region>:<acc-id>:secret:<some-secret-id>:<key-of-secret>::"
  }
]
This would set the environment variable "test_secret" to the value of the key contained within the secret with id .
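The behaviour described in this answer, as an added example that is not part of the original post: a local check that parses each `valueFrom`, shows what the environment variable would hold, and flags entries that would hand the container an entire JSON secret instead of one key. The function names, the sample ARN and the stored secret are constructed; the two trailing fields are the version stage and version id from the AWS reference format, left empty as in the answer.

```python
import json

def parse_value_from(value_from):
    """Split a Secrets Manager 'valueFrom' into base ARN and optional fields."""
    parts = value_from.split(":")
    if not 7 <= len(parts) <= 10 or parts[0] != "arn" \
            or parts[2] != "secretsmanager" or parts[5] != "secret":
        raise ValueError("not a Secrets Manager secret reference: " + value_from)
    # Optional suffix after the secret id: json-key, version-stage, version-id
    json_key, version_stage, version_id = (parts[7:] + ["", "", ""])[:3]
    return {"secret_arn": ":".join(parts[:7]), "json_key": json_key,
            "version_stage": version_stage, "version_id": version_id}

def resolve(value_from, secret_string):
    """Return what the env var would hold, given the stored secret string."""
    ref = parse_value_from(value_from)
    if not ref["json_key"]:
        return secret_string  # no key selected: the whole secret is injected
    return json.loads(secret_string)[ref["json_key"]]  # KeyError if key is absent

def whole_json_vars(secrets, stored):
    """Names of env vars that would receive an entire JSON object."""
    flagged = []
    for entry in secrets:
        ref = parse_value_from(entry["valueFrom"])
        if ref["json_key"]:
            continue
        try:
            is_object = isinstance(json.loads(stored[ref["secret_arn"]]), dict)
        except ValueError:
            is_object = False  # plain-text secret: injecting it whole is intended
        if is_object:
            flagged.append(entry["name"])
    return flagged

# Constructed sample data (region, account id and secret id are made up).
ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:example-secret-AbCdEf"
STORED = {ARN: '{"key-of-secret":"value-of-secret"}'}
SECRETS = [
    {"name": "test_secret_whole", "valueFrom": ARN},
    {"name": "test_secret", "valueFrom": ARN + ":key-of-secret::"},
]

if __name__ == "__main__":
    for s in SECRETS:
        print(s["name"], "=", resolve(s["valueFrom"], STORED[ARN]))
    print("would receive whole JSON:", whole_json_vars(SECRETS, STORED))
```

Flagged entries matter beyond the parsing problem: a secret that later gains more keys would expose all of them to every container that references it without a key.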