-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SecretOptions for FireLens #8174
Comments
See also #7264. I was looking into a PR for that, but support for secret log options should be applicable to all log drivers. |
Hi @MartinLoeper, did you still have plans to try implementing this? Thanks! |
I am needing this functionality as well. |
…15351) This PR adds support for specifying secrets for the Firelens log driver. It adds the `secretOptions` property to the `LogConfiguration` of log drivers. Fixes [#8174](#8174) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
…ws#15351) This PR adds support for specifying secrets for the Firelens log driver. It adds the `secretOptions` property to the `LogConfiguration` of log drivers. Fixes [aws#8174](aws#8174) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
It is currently possible to define secrets for FireLens logging configurations. [1]
This is not implemented in the FireLensLogDriver from
@aws-cdk/aws-ecs
.[1] https://github.com/aws-samples/amazon-ecs-firelens-examples/blob/master/examples/fluent-bit/datadog/task-definition.json
Use Case
It is important to define secrets via secretOptions otherwise the API keys such as the DataDog API key are displayed as plain text in some logs.
Proposed Solution
I implemented a workaround as a custom class (which extends the current aws-cdk implementation), but I guess that the property should simply be added to the FireLensLogDriver.
My sample implementation above does not take into account Secrets Manager credentials.
It is for SSM parameters only.
This is a 🚀 Feature Request
The text was updated successfully, but these errors were encountered: