{"id":48600731,"url":"https://github.com/accendero/aws-ssm-json-to-env","last_synced_at":"2026-04-15T18:03:33.925Z","repository":{"id":211004365,"uuid":"537687170","full_name":"Accendero/aws-ssm-json-to-env","owner":"Accendero","description":"Export AWS SSM json params to GITHUB_ENV","archived":false,"fork":false,"pushed_at":"2023-06-05T20:21:09.000Z","size":4,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2023-12-06T00:38:27.229Z","etag":null,"topics":["aws-ssm","environment-variables","github-actions","json"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Accendero.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-09-17T03:28:27.000Z","updated_at":"2023-12-06T00:38:29.912Z","dependencies_parsed_at":"2023-12-06T00:48:39.739Z","dependency_job_id":null,"html_url":"https://github.com/Accendero/aws-ssm-json-to-env","commit_stats":null,"previous_names":["accendero/aws-ssm-json-to-env"],"tags_count":2,"template":null,"template_full_name":null,"purl":"pkg:github/Accendero/aws-ssm-json-to-env","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Accendero%2Faws-ssm-json-to-env","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Accendero%2Faws-ssm-json-to-env/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Accendero%2Faws-ssm-json-to-env/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Accendero%2Faws-ssm-json-to-env/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Accendero","download_url":"https://codeload.github.com/Accendero/aws-ssm-json-to-env/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Accendero%2Faws-ssm-json-to-env/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31575755,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-ssm","environment-variables","github-actions","json"],"created_at":"2026-04-08T22:01:39.249Z","updated_at":"2026-04-08T22:01:40.093Z","avatar_url":"https://github.com/Accendero.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Use Amazon AWS SSM JSON Parameter as environment variables\n\nThis action will fetch a secret JSON parameter from the AWS SSM Parameter Store\nand set all keys as environment variables. The parameter is expected to be a\nJSON object with string values.\n\n**The keys of the JSON object will be used as the environment variable names. This\ncould potentially overwrite existing environment variables.**\n\n- [Usage](#usage)\n  - [Fetching Parameters](#fetching-parameters)\n  - [Fetching Parameters with OIDC](#fetching-parameters-with-oidc)\n  - [Decrypt and exporting](#decrypt-and-exporting)\n  - [Inputs](#inputs)\n  - [Outputs](#outputs)\n- [Examples](#examples)\n  - [Storing the SSM parameters as JSON](#storing-the-ssm-parameters-as-json)\n  - [Example Workflow](#example-workflow)\n  - [Example Workflow with OIDC](#example-workflow-with-oidc)\n- [Development](#development)\n  - [Running Tests Locally](#running-tests-locally)\n\n## Usage\n\nAdd the entry below to your workflow file. The `pgp_passphrase` should be a\nGitHub secret and is only used by the action to encrypt the environment variables\nas they are passed to other steps in the workflow.\n\n### Fetching parameters\n\nThe example below will fetch the parameters from SSM and create an encrypted\nstring as an output for use in other jobs or steps.\n\n```yaml\nuses: accendero/aws-ssm-json-to-env@v2\nid: \u003cstep id 1\u003e\nwith:\n  access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}\n  secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n  region: ${{ secrets.AWS_DEFAULT_REGION }}\n  parameter_name: \"/my-project/config/cicd\"\n  pgp_passphrase: ${{ secrets.PGP_PASSPHRASE }}\n```\n\n### Fetching parameters with OIDC\n\nIf you're using OIDC authentication (via `aws-actions/configure-aws-credentials`),\nyou can omit the `access_key_id` and `secret_access_key` inputs. The action will\nuse the existing AWS session credentials.\n\n```yaml\n- uses: aws-actions/configure-aws-credentials@v4\n  with:\n    role-to-assume: arn:aws:iam::123456789012:role/my-github-actions-role\n    aws-region: us-east-1\n\n- uses: accendero/aws-ssm-json-to-env@v2\n  id: \u003cstep id 1\u003e\n  with:\n    region: us-east-1\n    parameter_name: \"/my-project/config/cicd\"\n    pgp_passphrase: ${{ secrets.PGP_PASSPHRASE }}\n```\n\n### Decrypt and exporting\n\nThe example below will decrypt a previously fetched SSM environment and export\nits variables to the current job's environment.\n\n```yaml\nuses: accendero/aws-ssm-json-to-env@v2\nid: \u003cstep id 2\u003e\nwith:\n  pgp_passphrase: ${{ secrets.PGP_PASSPHRASE }}\n  decrypt: ${{ steps.\u003cstep id 1\u003e.outputs.encrypted_environment }}\n```\n\n### Inputs\n\n* `access_key_id` - AWS access key ID (optional if using OIDC or existing session)\n* `secret_access_key` - AWS secret access key (optional if using OIDC or existing session)\n* `region` - AWS region (required when fetching parameters)\n* `parameter_name` - Name of the parameter to fetch (required when fetching parameters)\n* `pgp_passphrase` - Passphrase to encrypt the environment variables\n* **TODO**: `parameter_version` - Version of the parameter to fetch, latest is used by default\n* `decrypt` - The value of an encrypted environment variables string. Passing this\n  in will decrypt the variables and set then in the environment for the current\n  job.\n\n### Outputs\n\nThe only output for this action is an encrypted string of the environment variables.\n* `encrypted_environment` - Encrypted string of the environment variables\n\n## Examples\n\n### Storing the SSM parameters as JSON\n\nThe SSM parameter should be a JSON object with string values. For example:\n\n```json\n{\n    \"MY_ENV_VAR\": \"my value\",\n    \"MY_OTHER_ENV_VAR\": \"my other value\"\n}\n```\n\n### Example workflow\n\nThe workflow below will fetch the SSM parameter `/my-project/config/cicd` and\nstore the encrypted variables string as an output. The output will then be\ndecrypted and set in the environment for the `print_a_variable` job.\n\n```yaml\nname: Deploy to environment\n\non: push\n\njobs:\n  setup:\n    runs-on: ubuntu-latest\n    outputs:\n      encrypted_environment: ${{ steps.ssm.outputs.encrypted_environment }}\n    steps:\n      - uses: actions/checkout@v1\n      - uses: accendero/aws-ssm-json-to-env@v2\n        id: ssm\n        with:\n          access_key_id: ${{ secrets.AWS_ACCESS_KEY_ID }}\n          secret_access_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}\n          region: ${{ secrets.AWS_DEFAULT_REGION }}\n          parameter_name: \"/my-project/config/cicd\"\n          pgp_passphrase: ${{ secrets.PGP_PASSPHRASE }}\n\n  print_a_variable:\n    runs-on: ubuntu-latest\n    needs: setup\n    steps:\n      - uses: actions/checkout@v1\n      - uses: accendero/aws-ssm-json-to-env@v2\n        with:\n           decrypt: ${{ needs.setup.outputs.encrypted_environment }}\n           pgp_passphrase: ${{ secrets.PGP_PASSPHRASE }}\n      - run: echo \"${{ env.MY_ENV_VAR }}, ${{ env.MY_OTHER_ENV_VAR }}\"\n```\n\n### Example workflow with OIDC\n\nThis workflow uses OIDC authentication instead of static access keys. You'll need\nto configure an IAM role with a trust policy for GitHub Actions OIDC.\n\n```yaml\nname: Deploy to environment\n\non: push\n\npermissions:\n  id-token: write\n  contents: read\n\njobs:\n  setup:\n    runs-on: ubuntu-latest\n    outputs:\n      encrypted_environment: ${{ steps.ssm.outputs.encrypted_environment }}\n    steps:\n      - uses: actions/checkout@v4\n      - uses: aws-actions/configure-aws-credentials@v4\n        with:\n          role-to-assume: arn:aws:iam::123456789012:role/my-github-actions-role\n          aws-region: us-east-1\n      - uses: accendero/aws-ssm-json-to-env@v2\n        id: ssm\n        with:\n          region: us-east-1\n          parameter_name: \"/my-project/config/cicd\"\n          pgp_passphrase: ${{ secrets.PGP_PASSPHRASE }}\n\n  print_a_variable:\n    runs-on: ubuntu-latest\n    needs: setup\n    steps:\n      - uses: actions/checkout@v4\n      - uses: accendero/aws-ssm-json-to-env@v2\n        with:\n           decrypt: ${{ needs.setup.outputs.encrypted_environment }}\n           pgp_passphrase: ${{ secrets.PGP_PASSPHRASE }}\n      - run: echo \"${{ env.MY_ENV_VAR }}, ${{ env.MY_OTHER_ENV_VAR }}\"\n```\n\n## Development\n\n### Running tests locally\n\nThis project uses [act](https://github.com/nektos/act) to run GitHub Actions locally.\n\n#### Install act\n\nIf you follow the linux instructions below, it may install to the local directory you are running the installation\ncommand from, and the resulting binary will be in `./bin/act`. You can move this to a directory in your PATH or add the \nlocal directory to your PATH to run `act` from anywhere.\n\nAdditionally, act requires docker to run the GitHub Actions locally, so make sure you have Docker installed and \nrunning on your machine.\n\n```bash\n# macOS\nbrew install act\n\n# Linux\ncurl -s https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash\n\n# Other methods: https://github.com/nektos/act#installation\n```\n\n#### Configure act\n\nRun the setup script to generate `.actrc` with the correct Docker socket path for your system:\n\n```bash\n./setup-act.sh\n```\n\nThis will auto-detect your Docker socket location (works with Docker Desktop and standard installations).\n\n#### Run tests\n\nThe test suite includes validation tests and decrypt tests that don't require AWS\ncredentials, plus an integration test that requires real AWS access.\n\n```bash\n# Run validation tests (no AWS credentials needed)\nact -j test-validation\n\n# Run decrypt tests (no AWS credentials needed)\nact -j test-decrypt\n\n# Run both validation and decrypt tests\nact -j test-validation -j test-decrypt\n```\n\n#### Run integration tests with AWS\n\nTo run the SSM integration tests, you need AWS credentials and a test parameter.\n\n1. Copy the secrets example file:\n   ```bash\n   cp .secrets.example .secrets\n   ```\n\n2. Edit `.secrets` with your AWS credentials and test parameter:\n   ```\n   AWS_ACCESS_KEY_ID=your-access-key-id\n   AWS_SECRET_ACCESS_KEY=your-secret-access-key\n   AWS_REGION=us-east-1\n   SSM_PARAMETER_NAME=/test/parameters\n   ```\n\n3. Run the integration test:\n   ```bash\n   act -j test-ssm-fetch --secret-file .secrets\n   ```\n\nAlternatively, pass secrets directly:\n```bash\nact -j test-ssm-fetch \\\n  -s AWS_ACCESS_KEY_ID=xxx \\\n  -s AWS_SECRET_ACCESS_KEY=xxx \\\n  -s AWS_REGION=us-east-1 \\\n  -s SSM_PARAMETER_NAME=/your/test/param\n```      \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccendero%2Faws-ssm-json-to-env","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faccendero%2Faws-ssm-json-to-env","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faccendero%2Faws-ssm-json-to-env/lists"}