
secretsmanager ARN for json-formatted secrets by jsonkey

0

I have several secretsmanager secrets formatted in json-format: {"AUTH_PASSWORD":"SomeSecretPW","DATABASE_URL":"postgres://postgres:SomeSecretURL?schema=public","AUTH_USERNAME":"SomeSecretUsername","CLIENT_ID":"SomeSecretClientID","CLIENT_SECRET":"SomeSecretClientSecret"}

I have set up an ECS Task Definition that references them successfully using this syntax, but I've been unable to find documentation to explain the trailing colons "::" on the ARNs. Why does this work? Is this syntax correct?

Is this an undocumented feature?

        "secrets": [
            {
                "name": "AUTH_PASSWORD",
                "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:AUTH_PASSWORD::"
            },
            {
                "name": "AUTH_USERNAME",
                "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:AUTH_USERNAME::"
            },
            {
                "name": "DATABASE_URL",
                "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:DATABASE_URL::"
            },
            {
                "name": "CLIENT_ID",
                "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:OKTA_CLIENT_ID::"
            },
            {
                "name": "CLIENT_SECRET",
                "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:dev/onboarding-orchestrator/secrets-QXPnJp:CLIENT_SECRET::"
            }
        ]
1 Answer
1
Accepted Answer
AWS
EXPERT
answered 3 months ago
EXPERT
reviewed 3 months ago
  • thank you!

  • for my own future reference, the '::' double-colon signifies the end of the ARN, and tells ECS to look for the final string, i.e. CLIENT_SECRET within the preceding secret name in the ARN.
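
The `valueFrom` format discussed in this thread, as an added example that is not part of the original posts: Amazon ECS documents the reference as the secret ARN followed by `json-key:version-stage:version-id`, so a trailing `::` leaves the version stage and version ID empty and ECS falls back to the default `AWSCURRENT` version. The Python sketch below parses such references and checks every JSON key against the keys the secret actually holds, using the ARNs and key names from the question with placeholder values; the helper names are hypothetical, and rejecting anything other than a bare ARN or all three selector fields is this example's assumption.

```python
import json

ARN_FIELDS = 7  # arn:partition:secretsmanager:region:account:secret:name-suffix

def parse_value_from(value):
    """Split an ECS secrets valueFrom into the secret ARN and its selectors."""
    parts = value.split(":")
    # Assumption of this example: either a bare ARN or all three selector fields.
    if len(parts) not in (ARN_FIELDS, ARN_FIELDS + 3):
        raise ValueError(f"expected ARN or ARN:json-key:version-stage:version-id: {value!r}")
    if parts[0] != "arn" or parts[2] != "secretsmanager" or parts[5] != "secret":
        raise ValueError(f"not a Secrets Manager secret ARN: {value!r}")
    json_key, stage, version_id = (parts[ARN_FIELDS:] + ["", "", ""])[:3]
    return {
        "secret_arn": ":".join(parts[:ARN_FIELDS]),
        "json_key": json_key or None,     # None: inject the whole secret string
        "version_stage": stage or None,   # None: default stage (AWSCURRENT)
        "version_id": version_id or None,
    }

def missing_json_keys(container_secrets, secret_json):
    """Return (env name, json-key) pairs whose json-key is absent from the secret."""
    keys = json.loads(secret_json).keys()
    missing = []
    for entry in container_secrets:
        ref = parse_value_from(entry["valueFrom"])
        if ref["json_key"] is not None and ref["json_key"] not in keys:
            missing.append((entry["name"], ref["json_key"]))
    return missing

# ARN and key names copied from the question; secret values are placeholders.
BASE = ("arn:aws:secretsmanager:us-east-1:123456789:secret:"
        "dev/onboarding-orchestrator/secrets-QXPnJp")
SECRET_JSON = json.dumps({k: "placeholder" for k in (
    "AUTH_PASSWORD", "DATABASE_URL", "AUTH_USERNAME", "CLIENT_ID", "CLIENT_SECRET")})
TASK_SECRETS = [{"name": name, "valueFrom": f"{BASE}:{key}::"} for name, key in (
    ("AUTH_PASSWORD", "AUTH_PASSWORD"), ("AUTH_USERNAME", "AUTH_USERNAME"),
    ("DATABASE_URL", "DATABASE_URL"), ("CLIENT_ID", "OKTA_CLIENT_ID"),
    ("CLIENT_SECRET", "CLIENT_SECRET"))]

if __name__ == "__main__":
    print(parse_value_from(TASK_SECRETS[0]["valueFrom"]))
    for name, key in missing_json_keys(TASK_SECRETS, SECRET_JSON):
        print(f"{name}: json-key {key!r} is not a key in the secret JSON")
```

A check like this fits in CI ahead of task definition registration, with the key list taken from wherever the secret's schema is maintained rather than from the secret value itself.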
