Pass sensitive data to an Amazon ECS container
You can safely pass sensitive data, such as credentials to a database, into your container.
You can use Secrets Manager or as a parameter in Systems Manager Parameter Store to store the secret.
You can retrieve secrets programmatically from the application, or by using environment variables.
To start, first store the sensitive data as a secret in Secrets Manager or as a parameter in Systems Manager Parameter Store. Then, use one of the following ways to expose the secret to the container.
Topics
- Best practices for secrets management in Amazon ECS
- Retrieve Secrets Manager secrets programmatically in Amazon ECS
- Retrieve Systems Manager Parameter Store secrets programmatically in Amazon ECS
- Retrieve Secrets Manager secrets through Amazon ECS environment variables
- Retrieve Systems Manager parameters through Amazon ECS environment variables
- Retrieve secrets for Amazon ECS logging configuration
- Specifying sensitive data using Secrets Manager secrets in Amazon ECS