🔔 What’s New?
AWS has announced that AWS CodePipeline now supports using AWS Secrets Manager inside Commands actions!
You can securely inject secrets (like API keys, tokens, and credentials) as environment variables, directly from Secrets Manager.
💡 Why It Matters
Before this update, developers often:
- Hardcoded secrets into buildspec.yml
- Stored sensitive values directly in environment variables
- Used workarounds to pull secrets via scripts
This was risky and error-prone.
Now, you can pass secrets securely and natively using Secrets Manager — no more secrets in plain text!
✅ Real-World Example: Use GitHub Token Securely
Imagine you need to clone a private GitHub repo inside your pipeline.
🔐 Step 1: Store the GitHub token in AWS Secrets Manager
Key: github-token
ARN: arn:aws:secretsmanager:us-east-1:123456789012:secret:github-token-Abc123
⚙️ Step 2: Reference the secret in your CodePipeline YAML
Actions:
  - Name: ClonePrivateRepo
    ActionTypeId:
      Category: Compute
      Owner: AWS
      Provider: Commands
      Version: 1
    # Commands and EnvironmentVariables are properties of the action itself,
    # not keys under Configuration.
    Commands:
      - echo "Cloning repo..."
      - git clone https://git:$GITHUB_TOKEN@github.com/yourorg/private-repo.git
    EnvironmentVariables:
      - Name: GITHUB_TOKEN
        # SECRETS_MANAGER resolves Value from Secrets Manager at run time
        Type: SECRETS_MANAGER
        Value: arn:aws:secretsmanager:us-east-1:123456789012:secret:github-token-Abc123
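✅ Your GitHub token is injected as $GITHUB_TOKEN at run time and never appears in the pipeline definition. One caveat: git saves the clone URL, token included, in the clone's .git/config, so keep that directory out of any output artifacts.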
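To find pipelines that still use the older patterns listed under "Why It Matters", you can audit exported definitions. The script below is an added example, not AWS or author code; it assumes the JSON shape returned by `aws codepipeline get-pipeline`, and the function name, regex heuristics and sample pipeline are constructed for illustration.

```python
import re

# Heuristics (assumptions of this example): credential-looking names,
# GitHub token prefixes, and a literal password embedded in a URL.
SECRET_NAME = re.compile(r"token|secret|passw|api[_-]?key|credential", re.I)
GITHUB_TOKEN = re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_\w{22,})")
URL_PASSWORD = re.compile(r"https?://[^/\s:@]+:(?![$#])[^@\s]+@")


def audit_pipeline(definition):
    """Return (stage, action, finding) tuples for secrets kept in plain text."""
    findings = []
    for stage in definition["pipeline"]["stages"]:
        for action in stage["actions"]:
            where = (stage["name"], action["name"])
            for var in action.get("environmentVariables", []):
                if var.get("type") == "SECRETS_MANAGER":
                    continue  # resolved from Secrets Manager at run time
                value = var.get("value", "")
                if SECRET_NAME.search(var["name"]) or GITHUB_TOKEN.search(value):
                    findings.append(where + (f"plaintext variable {var['name']}",))
            for cmd in action.get("commands", []):
                # "$VAR" and "#{var}" references are allowed; literals are not
                if GITHUB_TOKEN.search(cmd) or URL_PASSWORD.search(cmd):
                    findings.append(where + ("literal credential in command",))
    return findings


# Constructed sample in the shape returned by `aws codepipeline get-pipeline`.
FAKE_TOKEN = "ghp_" + "X" * 36  # placeholder, not a real token
SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:github-token-Abc123"
SAMPLE = {"pipeline": {"name": "demo", "stages": [{"name": "Build", "actions": [
    {"name": "CloneHardcoded",
     "commands": [f"git clone https://git:{FAKE_TOKEN}@github.com/yourorg/private-repo.git"],
     "environmentVariables": [
         {"name": "GITHUB_TOKEN", "value": FAKE_TOKEN, "type": "PLAINTEXT"}]},
    {"name": "ClonePrivateRepo",
     "commands": ["git clone https://git:$GITHUB_TOKEN@github.com/yourorg/private-repo.git"],
     "environmentVariables": [
         {"name": "GITHUB_TOKEN", "value": SECRET_ARN, "type": "SECRETS_MANAGER"}]},
]}]}}

if __name__ == "__main__":
    for stage, action, finding in audit_pipeline(SAMPLE):
        print(f"{stage}/{action}: {finding}")
```

Only the hardcoded action is reported; the action that references the secret by ARN passes.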
📌 Key Benefits
- 🔐 Improved security: No plaintext credentials in code
- ⚙️ Easier automation: Seamless secret injection in pipelines
- 📉 Reduced risk: Centralized and managed secret lifecycle