Mounting SecretsManager secret as a file #5690
@al-dpopowich Thanks for the thoughtful request!
Copilot does not have the equivalent today - you do have to specify each secret in the manifest file, individually. However - if this helps at all - you could bulk-create secrets using
This is certainly a feature request for us! I see you've reacted to #3778, that's all you need to do to help us gauge the need.
Like mentioned above, Private s3 bucket is an interesting idea! You can enable server-side encryption for the bucket. Then, you can give your ECS task role the permission to retrieve objects from that S3 bucket using addons. I think this is a viable option. I've also found this reddit discussion which you might be interested in as well - the permission hierarchy is an interesting point to consider!
I am investigating transitioning our current use of (the now deprecated) compose-ecs to copilot. One feature I'm sorely missing is the ability to declare secrets that will result in a mounted file on the running container. For example, when using compose-ecs, I could have in my docker-compose.yml file:

And in my running container see the following files, the content of each being the value stored in SecretsManager:

The convenience of this cannot be overstated. Note how keys: "*" exploded each key in the JSON value of credentials to its own file. And for the configuration file, app_config, containing dozens and dozens of items (many containing sensitive data), can be found by my app with one environment variable:

In compose-ecs they created a sidecar that would do this mount. I'm investigating if I can grab this image and use it as a sidecar with a copilot application, but meanwhile wondering:

compose-ecs?)
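An added example, not code from compose-ecs, Copilot or either poster: one way a sidecar or entrypoint could turn an already-fetched secret string into files, with keys="*" writing one file per top-level JSON key as the post describes. The function name, the directory layout and the file-name allow-list are assumptions; fetching the value from Secrets Manager is left out so the block runs offline.

```python
import json
import os
import re
import tempfile

# Assumed allow-list: a key becomes a file name, so it must not be able to
# leave the target directory ("../x", "a/b", "" are all rejected).
_SAFE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def explode_secret(name, secret_string, target_dir, keys=None):
    """Write a secret under target_dir; return the sorted paths created.

    keys=None  -> <target_dir>/<name> holds the whole value
    keys="*"   -> <target_dir>/<name>/<key> for every top-level JSON key
    keys=[...] -> only the listed keys (KeyError if one is missing)
    """
    if keys is None:
        items, out_dir = {name: secret_string}, target_dir
    else:
        data = json.loads(secret_string)
        if not isinstance(data, dict):
            raise ValueError("secret %r is not a JSON object" % name)
        wanted = list(data) if keys == "*" else list(keys)
        items = {k: data[k] for k in wanted}
        out_dir = os.path.join(target_dir, name)
    # Validate every name before touching the disk, so a bad key writes nothing.
    for candidate in [name, *items]:
        if not _SAFE.match(candidate):
            raise ValueError("unsafe file name from secret: %r" % candidate)
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    written = []
    for key, value in items.items():
        text = value if isinstance(value, str) else json.dumps(value)
        # mkstemp creates the file 0600; fill it, then rename into place so a
        # reader never sees a half-written secret.
        fd, tmp = tempfile.mkstemp(dir=out_dir)
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
        os.chmod(tmp, 0o400)
        path = os.path.join(out_dir, key)
        os.replace(tmp, path)
        written.append(path)
    return sorted(written)
```

Pointing target_dir at a tmpfs or other memory-backed volume shared with the application container keeps the values off persistent disk.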