This package installs a command that pulls secrets from a given EC2 task definition file, where the values are defined as AWS SSM parameter ARNs, and resolves those ARNs to their actual SSM values. It then prints the secret values to the screen, or saves them to a file, in normal ENV=var format.
npm i -g ecs-secrets (global)
npm i ecs-secrets (local project)
Run it against a task definition file, and make sure the AWS credentials used for SSM are set, e.g.:
ecs-secrets task-def.json -r <region> -i <access-key-id> -s <access-key-secret>
AWS credentials are read in order of precedence: command line > AWS credentials file > ENV vars
If a local .env file exists, the command will read it. You can specify an environment-specific .env file by setting NODE_ENV; e.g. NODE_ENV=development will try to read .env.development.
If using ENV vars, these should be defined:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_REGION
AWS_PROFILE (optional, if using a credentials file)
--version Show version number [boolean]
-r, --region AWS region [string]
-i, --accessId AWS access key ID [string]
-s, --accessKey AWS secret access key [string]
-t, --token AWS session token (optional) [string]
-p, --profile AWS profile name from shared credentials [string]
-o, --output Optional output file path [string]
-d, --decrypt Set true if your SSM is encrypted [boolean] [default: false]
-h Show the help menu [boolean]
npm i
npm run build
npm i -g
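
To illustrate the transformation described at the top of this page, here is an added example (not the package's own code) that collects the `secrets` entries of a task definition, keeps only SSM parameter ARNs, and renders ENV=var lines. The function names, the sample task definition and the `values` map that stands in for the SSM lookup are all assumptions made for the illustration.

```javascript
// Added example with hypothetical names; the sample data below is constructed.
const sampleTaskDef = {
  containerDefinitions: [{
    name: 'web',
    secrets: [
      { name: 'DB_PASSWORD', valueFrom: 'arn:aws:ssm:us-east-1:123456789012:parameter/prod/db/password' },
      { name: 'API_KEY', valueFrom: 'arn:aws:secretsmanager:us-east-1:123456789012:secret:api-key' },
      { name: 'BANNER', valueFrom: 'arn:aws:ssm:us-east-1:123456789012:parameter/prod/banner' },
    ],
  }],
};

// Split an SSM parameter ARN into region and resource path; null for anything else.
function parseSsmArn(arn) {
  const parts = String(arn).split(':');
  const resource = parts.slice(5).join(':');
  if (parts[0] !== 'arn' || parts[2] !== 'ssm' || !resource.startsWith('parameter/')) return null;
  return { region: parts[3], path: resource.slice('parameter'.length) };
}

// Walk every container and sort its secrets into resolvable and skipped.
function collectSecretRefs(taskDef) {
  const refs = [], skipped = [];
  for (const c of taskDef.containerDefinitions || []) {
    for (const s of c.secrets || []) {
      const parsed = parseSsmArn(s.valueFrom);
      if (parsed) refs.push({ name: s.name, arn: s.valueFrom, ...parsed });
      else skipped.push({ name: s.name, valueFrom: s.valueFrom });
    }
  }
  return { refs, skipped };
}

// Double-quote and escape values that would otherwise break a NAME=value line.
function envLine(name, value) {
  if (/^[A-Za-z0-9_.\/:@%+,-]*$/.test(value)) return `${name}=${value}`;
  const escaped = value.replace(/\\/g, '\\\\').replace(/"/g, '\\"').replace(/\n/g, '\\n');
  return `${name}="${escaped}"`;
}

// `values` maps ARN -> plaintext; in real use the plaintext would come from SSM.
function renderEnv(taskDef, values) {
  const { refs, skipped } = collectSecretRefs(taskDef);
  const lines = refs.map((r) => {
    if (!values.has(r.arn)) throw new Error(`no value resolved for ${r.name}`);
    return envLine(r.name, values.get(r.arn));
  });
  return { text: lines.join('\n') + '\n', skipped };
}
```

The rendered text holds plaintext secrets, so any file written from it should be readable only by its owner and kept out of version control.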