Pass Secrets Manager secrets programmatically in Amazon ECS - Amazon Elastic Container Service

Pass Secrets Manager secrets programmatically in Amazon ECS

Instead of hardcoding sensitive information in plain text in your application, you can use Secrets Manager to store the sensitive data.

We recommend this method of retrieving sensitive data because if the Secrets Manager secret is subsequently updated, the application automatically retrieves the latest version of the secret.

Create a secret in Secrets Manager. After you create a Secrets Manager secret, update your application code to retrieve the secret.

Review the following considerations before securing sensitive data in Secrets Manager.

  • Only secrets that store text data, which are secrets created with the SecretString parameter of the CreateSecret API, are supported. Secrets that store binary data, which are secrets created with the SecretBinary parameter of the CreateSecret API, are not supported.

  • Use interface VPC endpoints to enhance security controls. You must create the interface VPC endpoints for Secrets Manager. For information about the VPC endpoint, see Create VPC endpoints in the Amazon Secrets Manager User Guide.

  • The VPC your task uses must have DNS resolution enabled.

  • Your task definition must use a task role with the additional permissions for Secrets Manager. For more information, see Amazon ECS task IAM role.

Create the Secrets Manager secret

You can use the Secrets Manager console to create a secret for your sensitive data. For information about how to create secrets, see Create an Amazon Secrets Manager secret in the Amazon Secrets Manager User Guide.

Update your application to programmatically retrieve Secrets Manager secrets

You can retrieve secrets with a call to the Secrets Manager APIs directly from your application. For information, see Retrieve secrets from Amazon Secrets Manager in the Amazon Secrets Manager User Guide.

To retrieve the sensitive data stored in Amazon Secrets Manager, see Code examples for Amazon Secrets Manager using Amazon SDKs in the Amazon SDK Code Examples Code Library.
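The retrieval described above, as an added Python example that is not part of this page or the Amazon SDK code library: it reads a secret at runtime with the boto3 `get_secret_value` call, accepts only SecretString secrets (rejecting SecretBinary, as the considerations above require), and takes the client as a parameter so it can run offline against a constructed stand-in. The secret names and values are constructed samples.

```python
import json
from typing import Any, Dict


def get_secret_value(client, secret_id: str) -> Dict[str, Any]:
    """Fetch a Secrets Manager secret at runtime and return it as a dict.

    `client` is a boto3 secretsmanager client (or a stand-in with the same
    get_secret_value signature). The value is read each time this is called,
    so a rotated secret is picked up without redeploying the task.
    """
    resp = client.get_secret_value(SecretId=secret_id)
    # Binary secrets (SecretBinary) are not supported in this ECS pattern;
    # refuse them explicitly rather than returning raw bytes.
    if "SecretString" not in resp:
        raise ValueError(f"secret {secret_id!r} has no SecretString; binary secrets are not supported")
    raw = resp["SecretString"]
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        return {"value": raw}  # plain-text secret rather than key/value JSON
    if not isinstance(parsed, dict):
        return {"value": parsed}
    return parsed


def build_client(region_name: str):
    """Create the real client inside an ECS task. boto3 is imported lazily so this
    module can be exercised offline; in the task, boto3 obtains credentials from
    the task IAM role, so nothing is hardcoded in the application."""
    import boto3
    return boto3.client("secretsmanager", region_name=region_name)


class FakeSecretsManager:
    """Constructed stand-in for offline demonstration (not a real AWS client)."""

    def __init__(self, secrets: Dict[str, Dict[str, Any]]):
        self._secrets = secrets

    def get_secret_value(self, SecretId: str, **kwargs) -> Dict[str, Any]:
        if SecretId not in self._secrets:
            raise KeyError(f"ResourceNotFoundException: {SecretId}")
        return {"Name": SecretId, **self._secrets[SecretId]}


# Constructed sample secrets: a JSON key/value secret, a plain string, and a binary one.
SAMPLE_SECRETS = {
    "prod/db/credentials": {"SecretString": json.dumps({"username": "app", "password": "example-only"})},
    "prod/api/token": {"SecretString": "tok-example-only"},
    "prod/cert/bundle": {"SecretBinary": b"\x00\x01"},
}

if __name__ == "__main__":
    print(get_secret_value(FakeSecretsManager(SAMPLE_SECRETS), "prod/db/credentials")["username"])
```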