Demonstration of using AWS credentials from GitHub Actions.
Example repository for the article: https://medium.com/dev-genius/secure-your-github-workflows-unlocking-the-power-of-aws-secrets-manager-c5825d8d0da3
This repository provides a solution to integrate AWS Secrets Manager with GitHub workflows. By centralizing the secret management approach, you can simplify the management process and enhance your organization's security posture.
To create a secret named AWESOME_SECRET with the value Shhh, run:
aws secretsmanager create-secret --name AWESOME_SECRET --secret-string "Shhh"
Make a note of the returned Arn.
To create a user named github-secret-getter, run:
aws iam create-user --user-name github-secret-getter
Create a JSON file named awesome_policy.json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "secretsmanager:GetSecretValue",
"Resource": "arn:aws:secretsmanager:<AWSRegion>:<AccountId>:secret:<SecretArn>"
},
{
"Effect": "Allow",
"Action": "secretsmanager:ListSecrets",
"Resource": "*"
}
]
}
Replace the placeholders so that the Resource entry matches the secret Arn you noted earlier (a Secrets Manager Arn already contains the region and account id and ends with the secret name followed by a random suffix), then create the policy:
aws iam create-policy --policy-name awesome_policy --policy-document file://awesome_policy.json
Make a note of the returned Arn, then attach the policy to the user:
aws iam attach-user-policy --user-name github-secret-getter --policy-arn <policy-arn>
To create an access key for the github-secret-getter user, run:
aws iam create-access-key --user-name github-secret-getter
Make a note of the returned AccessKeyId and SecretAccessKey.
In the GitHub repository, go to Settings > Secrets and variables > Actions and click "New repository secret". Add the AccessKeyId and SecretAccessKey created above, and add a third secret holding the AWS region.
Configure Workflow: create a file named .github/workflows/main.yml in the repo to test accessing the secret from AWS Secrets Manager.
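The page does not include the workflow file itself, so the following is an added example of what main.yml can look like; it is not the repository's own file. It assumes the three repository secrets were named AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_REGION (the page does not fix these names), uses the aws-actions/configure-aws-credentials action to turn them into a CLI session, and reads AWESOME_SECRET with the same secretsmanager:GetSecretValue permission the policy above grants. The value is registered with the runner's mask so it cannot leak into the job log.

```yaml
name: Read secret from AWS Secrets Manager

on:
  workflow_dispatch:

# The job only needs to check out nothing and call AWS; keep the token read-only.
permissions:
  contents: read

jobs:
  fetch-secret:
    runs-on: ubuntu-latest
    steps:
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Assumed secret names; adjust to whatever you chose in the repository settings.
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Fetch AWESOME_SECRET and mask it in the job log
        id: fetch
        run: |
          set -euo pipefail
          value="$(aws secretsmanager get-secret-value \
                     --secret-id AWESOME_SECRET \
                     --query SecretString --output text)"
          # Register the value with the runner so any later occurrence is redacted as ***
          echo "::add-mask::$value"
          # Pass it to later steps as a step output instead of printing it
          echo "secret=$value" >> "$GITHUB_OUTPUT"

      - name: Use the secret without echoing it
        env:
          AWESOME_SECRET: ${{ steps.fetch.outputs.secret }}
        run: |
          # Only the length is printed; the runner would mask the value anyway
          echo "Fetched secret of length ${#AWESOME_SECRET}"
```

Trigger the workflow from the Actions tab (workflow_dispatch) and confirm the log shows the length but never the value. Note that this job only calls get-secret-value, so the secretsmanager:ListSecrets statement in awesome_policy.json is not exercised by it.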
Teardown (Optional)
To remove the created resources:
aws iam detach-user-policy --user-name github-secret-getter --policy-arn <your-policy-arn>
aws iam delete-access-key --user-name github-secret-getter --access-key-id <your-access-key>
aws iam delete-user --user-name github-secret-getter
aws secretsmanager delete-secret --secret-id AWESOME_SECRET
Conclusion
This repository is a hands-on exercise to configure AWS IAM and interact with the AWS CLI. It showcases how to work with GitHub Actions while keeping the AWS user's permissions limited to the single secret it needs.
For a comprehensive explanation, check out the article.
Feel free to fork this repository and try it out!
🔗 Example Repository
Happy coding! 🚀