Learn how to deliver secrets to Amazon Elastic Container Service.
aws-ecs-with-agent.
The guide will assume that aws-ecs-with-agent is your working directory going forward.
62fd92aa8b63973fee23dec7, in the dev environment, and secrets located in the path /, into a KEY=VALUE format.
base64 so it can be set in the agent configuration file.
/infisical-agent/access-token and render secrets to file /infisical-agent/secrets.
You’ll notice that instead of passing the path to the secret template file as we normally would, we set the base64-encoded template from the previous step under the base64-template-content property.
base64 so it can be easily delivered via Terraform.
ecs.tf file in your preferred code editor and assign values to auth_client_id, auth_client_secret, and agent_config.
auth_client_id, auth_client_secret have been added directly into the ECS container definition.
However, in production, you should securely fetch these values from AWS Secrets Manager or AWS Parameter Store and feed them directly to the agent sidecar.
infisical-sidecar container below.
mountPoints defined.
This mount point references the already configured EFS volume, as shown below.
containerPath is set to /infisical-agent because that is the folder we have instructed the agent to deposit the credentials to.
AWS Access Key and Secret Key.
Once you have generated these credentials, export them to your terminal.
terraform
access-token and secrets.
The access-token file should hold a valid Bearer token, which can be used to make HTTP requests to Infisical.
The secrets file should contain secrets, formatted according to the specifications in our secret template file (presented in key=value format).
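A post-deployment check for the two files described above, as an added example that is not part of the original guide: it confirms both files exist, that the token file holds a single token, and that every line of the secrets file is KEY=VALUE, reporting line numbers rather than secret values. The function names, the shell-style key pattern, and the owner-only permission policy are assumptions made for this example.

```python
import os
import re
import stat
import tempfile

# Shell-style variable name, "=", then any value (assumed naming convention).
KV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=.*$")

def check_mode(path):
    """Flag files that accounts other than the owner can access (assumed policy)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path}: mode {mode:o} grants group/other access"]
    return []

def check_token(path):
    """The access-token file should hold one token and nothing else."""
    with open(path, encoding="utf-8") as fh:
        token = fh.read().strip()
    ok = bool(token) and not any(c.isspace() for c in token)
    return [] if ok else [f"{path}: expected a single non-empty token"]

def check_secrets(path):
    """Each non-blank line must be KEY=VALUE; report line numbers, never values."""
    with open(path, encoding="utf-8") as fh:
        return [f"{path}:{n}: not KEY=VALUE" for n, line in enumerate(fh, 1)
                if line.strip() and not KV_LINE.match(line)]

def audit(directory="/infisical-agent"):
    findings = []
    for name, check in (("access-token", check_token), ("secrets", check_secrets)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            findings += check_mode(path) + check(path)
        else:
            findings.append(f"{path}: missing")
    return findings

def demo():
    """Audit constructed sample files; line 2 of 'secrets' is deliberately bad."""
    samples = {"access-token": "constructed.sample.token\n",
               "secrets": "DB_USER=app\n{{ unrendered }}\nAPI_KEY=abc=123\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            path = os.path.join(d, name)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, 0o600)
        return [f.replace(d + os.sep, "") for f in audit(d)]
```

Calling audit() with no arguments checks the /infisical-agent mount path used in this guide; an empty list means all checks passed.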