为了将新任务部署到 ECS,我使用amazon-ecs-render-task-definition GitHub 操作。此操作接收 task-definition.json 作为参数。这个 JSON 包含我不想推送的秘密,有没有办法向这个 JSON 注入一些参数?也许来自 aws Secret Manager?
例如 -任务定义.json
{
"containerDefinitions": [
{
"name": "wordpress",
"links": [
"mysql"
],
"image": "wordpress",
"essential": true,
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
],
"memory": 500,
"cpu": 10
},
{
"environment": [
{
"name": "MYSQL_ROOT_PASSWORD",
"value": ****"password"**** // ITS A SECRET!
}
],
"name": "mysql",
"image": "mysql",
"cpu": 10,
"memory": 500,
"essential": true
}],
"family": "hello_world" }