[英]Set AWS Secret Manager value in docker environment
We have a node application running in ECS and have local credentials in the.env file but we don't want to load credentials from the.env file due to security.我们有一个在 ECS 中运行的节点应用程序,并且在 .env 文件中有本地凭据,但出于安全考虑,我们不想从 .env 文件加载凭据。 Rather, we want those to be injected by AWS into the container environment.相反,我们希望 AWS 将它们注入到容器环境中。 We don't want to use AWS SDK to fetch secrets in a node application.我们不想使用 AWS SDK 来获取节点应用程序中的机密。 Is there any way to inject all secrets into the container environment?有什么办法可以把所有的secret都注入到容器环境中吗?
Yes, you can specify where to get secrets in your container definitions.是的,您可以在容器定义中指定从何处获取机密。 Here is a snippet example:这是一个片段示例:
{
"containerDefinitions": [{
"secrets": [{
"name": "environment_variable_name",
"valueFrom": "arn:aws:secretsmanager:region:aws_account_id:secret:secret_name-AbCdEf"
}]
}]
}
Here is the full documentation . 这是完整的文档。 You'll also need to allow the scheduler (execution role) to read these secrets and set your resource policy for the secret to allow the required principal to get those secrets.您还需要允许调度程序(执行角色)读取这些机密并为机密设置资源策略以允许所需的委托人获取这些机密。
Yes, you can specify sensitive data to be automatically fetched and injected to your container.是的,您可以指定要自动获取敏感数据并将其注入到您的容器中。
You do this using secrets parameter of your Task Definition:您使用任务定义的secrets参数执行此操作:
Amazon ECS enables you to inject sensitive data into your containers by storing your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then referencing them in your container definition.通过将敏感数据存储在AWS Secrets Manager机密或 AWS Systems Manager Parameter Store 参数中,然后在容器定义中引用它们,Amazon ECS 使您能够将敏感数据注入容器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.