Remove prefix from environment variable name while fetching multiple secrets starting with prefix #115

Open
manpreet-compro opened this issue Apr 23, 2024 · 3 comments

@manpreet-compro

Hi, I have the following setup currently in my applications.

I name the secrets in a particular fashion to identify them across environments,
e.g.
/APP/DEV/SECRET_1
/APP/DEV/SECRET_2
/APP/QA/SECRET_1
/APP/QA/SECRET_2

Then in the build script, based on the environment, I fetch the keys by prefix, i.e. /APP/DEV for the Dev environment. If we assume the above example, it sets up 2 environment variables, SECRET_1 and SECRET_2. By this strategy, I can keep my code independent of the environment in which it is running.

I checked the documentation; there is an example to fetch all the secrets starting with a prefix. However, the environment variable also includes the prefix part.

- name: Get Secret Names by Prefix
  uses: aws-actions/aws-secretsmanager-get-secrets@v2
  with:
    secret-ids: |
      beta*    # Retrieves all secrets that start with 'beta'

I am trying to find out if such support exists currently or if it can be planned in the future.

@jirkafajfr
Member

jirkafajfr commented Apr 23, 2024

Hello Manpreet,

We will look into this request, but as of today we don't support the prefix removal. In the meantime you can enumerate secrets one by one and then rename them:

with:
  secret-ids: |
    SECRET_1,/APP/DEV/SECRET_1
    SECRET_2,/APP/DEV/SECRET_2

with:
  secret-ids: |
    SECRET_1,/APP/QA/SECRET_1
    SECRET_2,/APP/QA/SECRET_2

I would like to also suggest having a separate AWS account per environment. In such a layout the IAM role accessing the secrets drives the account selection (DEV/QA/PROD), and the secrets are named simply as SECRET_1 and SECRET_2 for every environment.
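
The `ALIAS,secret-id` lines from the workaround above can be generated from a list of secret names instead of typed by hand. This is an added example, not code from the action or its maintainers; the function name `make_alias_lines`, the upper-casing rule and the sample names are assumptions made for illustration.

```shell
#!/bin/sh
# Reads secret names on stdin (one per line) and prints "ALIAS,secret-id"
# lines for those under the given prefix, with the prefix stripped from ALIAS.
# In a workflow the names could come from the AWS CLI (assumed invocation,
# needs secretsmanager:ListSecrets on the role):
#   aws secretsmanager list-secrets --filters Key=name,Values=/APP/DEV/ \
#     --query 'SecretList[].Name' --output text | tr '\t' '\n'

make_alias_lines() {
    # Force exactly one trailing slash so /APP/DEV never matches /APP/DEVOPS/...
    prefix=${1%/}/
    seen=' '    # space-delimited list of aliases already emitted
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        case $name in
            "$prefix"*) alias_name=${name#"$prefix"} ;;
            *) echo "skip (outside prefix): $name" >&2; continue ;;
        esac
        # Assumed naming rule: upper-case, anything outside [A-Z0-9_] becomes "_",
        # so a nested path such as db/password turns into DB_PASSWORD.
        alias_name=$(printf '%s' "$alias_name" | tr 'a-z' 'A-Z' | tr -c 'A-Z0-9_' '_')
        case $alias_name in
            ''|[0-9]*)
                echo "error: $name does not give a valid variable name" >&2
                return 1 ;;
        esac
        # Two secrets collapsing to one variable would silently overwrite
        # each other in the job environment, so fail instead.
        case $seen in
            *" $alias_name "*)
                echo "error: $name collides on $alias_name" >&2
                return 1 ;;
        esac
        seen="$seen$alias_name "
        printf '%s,%s\n' "$alias_name" "$name"
    done
}

# Constructed sample names, not taken from a real account.
printf '%s\n' /APP/DEV/SECRET_1 /APP/DEV/SECRET_2 /APP/QA/SECRET_1 |
    make_alias_lines /APP/DEV
```
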

@ahmadnazeri

We are in need of this functionality as well! Are there any timelines for this or an opportunity to contribute?

@gerharddev

Is there any update on this? We also need to remove the prefix when retrieving multiple secrets.
