GitHub Action that securely retrieves AWS SSM parameters using Chamber and exports them as environment variables in your workflow.
- Automatic Chamber installation
- Custom environment variable mappings
- Namespace control for parameters
- Works with standard AWS credential configurations
| Input | Description | Required | Default |
|---|---|---|---|
parameters |
List of SSM parameters with optional custom mappings (e.g., /my-app/db-password:MY_DB_PASSWORD) |
Yes | N/A |
namespaced |
Include namespace from parameter path in variable name (true/false) |
No | true |
aws-region |
AWS region for SSM parameters | No | us-east-1 |
aws-access-key-id |
AWS access key ID | No | (via environment variables) |
aws-secret-access-key |
AWS secret access key | No | (via environment variables) |
chamber_version |
Chamber version to install (2.10.12, latest, etc.) |
No | 2.10.12 |
How parameters are mapped to environment variable names:
- Parameter
/my-app/db-password→ Environment variableMY_APP_DB_PASSWORD - Parameter
/service/api-key→ Environment variableSERVICE_API_KEY
- Parameter
/my-app/db-password→ Environment variableDB_PASSWORD - Parameter
/service/api-key→ Environment variableAPI_KEY
- Parameter
/my-app/db-password:CUSTOM_NAME→ Environment variableCUSTOM_NAME
- name: Fetch SSM Parameters
uses: anudeepsamaiya/chamber-aws-ssm-parameter-store@v1
with:
parameters: |
/my-app/db-password
/my-app/api-key- name: Fetch SSM Parameters
uses: anudeepsamaiya/chamber-aws-ssm-parameter-store@v1
with:
parameters: |
/my-app/db-password
/my-app/api-key
aws-region: us-west-2
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}- name: Fetch SSM Parameters
uses: anudeepsamaiya/chamber-aws-ssm-parameter-store@v1
with:
parameters: |
/my-app/db-password
/my-app/api-key
namespaced: 'false'- name: Fetch SSM Parameters
uses: anudeepsamaiya/chamber-aws-ssm-parameter-store@v1
with:
parameters: |
/my-app/db-password:DATABASE_PASSWORD
/my-app/api-key:API_SECRET- name: Fetch SSM Parameters
uses: anudeepsamaiya/chamber-aws-ssm-parameter-store@v1
with:
parameters: |
/my-app/db-password
chamber_version: '2.10.12' # or 'latest' for the newest releasename: Deploy with SSM Parameters
on:
push:
branches: [main]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
# Configure AWS credentials (recommended approach)
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
# Fetch parameters from SSM
- name: Fetch SSM Parameters
uses: anudeepsamaiya/chamber-aws-ssm-parameter-store@v1
with:
parameters: |
/my-app/db-password
/my-app/api-key:API_SECRET_KEY
namespaced: 'true'
# Use the parameters in subsequent steps
- name: Deploy application
run: |
echo "Deploying with database password: $MY_APP_DB_PASSWORD"
echo "Using API key: $API_SECRET_KEY"
# Your deployment commands hereThe action supports various ways of providing AWS credentials:
-
Using aws-actions/configure-aws-credentials (Recommended):
- name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v2 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: us-east-1
-
Direct Input Parameters:
- name: Fetch SSM Parameters uses: anudeepsamaiya/chamber-aws-ssm-parameter-store@v1 with: parameters: | /my-app/db-password aws-region: us-east-1 aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
Environment Variables: The action will automatically use
AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY, andAWS_REGIONif they are set in the workflow environment.
- Docker and Docker Compose
- Node.js 18+
git clone https://github.com/anudeepsamaiya/chamber-aws-ssm-parameter-store.git
cd chamber-aws-ssm-parameter-store
make test # Run all testsThis project uses Docker Compose to provide a consistent development environment:
make docker-dev-env # Start the Docker development environmentThis will:
- Start a LocalStack container that simulates AWS services
- Start a test-runner container with Node.js
- Configure test parameters in LocalStack
- Set up necessary environment variables
make test # Run all unit and integration tests in Docker
make test-unit # Run only unit tests in Docker
make test-integration # Run only integration tests with LocalStack
make test-all # Run ALL tests (unit, integration, and GitHub Actions workflow tests)
make lint # Run ESLint
make validate # Validate action.yml formatThis project uses optimized GitHub Actions workflows for testing and CI/CD:
- Lint & Validate - Validates action configuration and runs linters
- Tests - Runs all test types:
- Unit tests for isolated functionality
- Integration tests with LocalStack
- Configuration tests for different parameter setups
- Usage Example - Demonstrates action usage in real workflows
To test locally (all commands use Docker):
make test-unit # Run only unit tests
make test-integration # Run only integration tests with LocalStack
make test # Run all tests (unit + integration)
make test-all # Run ALL tests in sequenceThis GitHub Action is licensed under the MIT License.