Storing a Database Connection String in AWS Fargate Container

Question

Right now I have a container for an API that I am looking to push to an AWS Fargate instance that has a connection string for a DB on a privately hosted server. For testing this has been stored in a string in my Golang program, but I don't really want to push that even with the program already compiled.

I have looked into using the GO AWS SDK for the SecretsManager, but I am not sure if that is the best way to go, or if it will even work like I am hoping it will. What is the best way to handle this?

As long as your firewall rules are set up appropriately, it shouldn't really matter. I usually keep those types of things in environment variables. — tier1, Oct 26 '18 at 18:33
Have you taken a look at Docker secrets? https://docs.docker.com/engine/swarm/secrets/ — Oscar Nevarez, Oct 26 '18 at 22:19
Isn't Docker Secrets a Swarm feature? You wouldn't be able to use it in conjunction with Fargate. — bluescores, Oct 31 '18 at 18:51
@bluescores there is a golang sdk that gives you access to secrets. — Thingable, Oct 31 '18 at 19:33

score 1 · Answer 1 · answered Feb 27 '19 at 11:18

Hardcoding things into the program is obviously never the best choice, so I share your pain and the need for something better, that could be:

Define the connection string into an environment variable. This solution does not keep the information "secret", so if it's something that you would not like to have it readable in any way, try with the next
Define the connection string into Secrets Manager and refer to in the environment variable definition

Doing this with CloudFormation we will have in the first case:

...
Environment:
  -
    Name: CONNECTION_STRING
    Value: 'YOUR VALUE'
...

While in the second case we would have:

...
Environment:
  -
    Name: CONNECTION_STRING
    Value: '{{resolve:secretsmanager:MySecret:SecretString:connection_string}}'
...

Storing a Database Connection String in AWS Fargate Container

1 Answers1