{"id":15692762,"url":"https://github.com/joatmon08/vault-agent-ecs","last_synced_at":"2025-08-20T21:23:51.775Z","repository":{"id":41103702,"uuid":"428811182","full_name":"joatmon08/vault-agent-ecs","owner":"joatmon08","description":"A Docker container to run Vault agent on Amazon ECS. Not officially supported by HashiCorp.","archived":false,"fork":false,"pushed_at":"2024-07-26T07:40:00.000Z","size":20,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-20T04:34:06.584Z","etag":null,"topics":["aws","ecs","hashicorp","vault"],"latest_commit_sha":null,"homepage":"https://learn.hashicorp.com/tutorials/vault/agent-aws-ecs","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/joatmon08.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-16T20:57:37.000Z","updated_at":"2024-05-22T18:10:48.000Z","dependencies_parsed_at":"2024-10-24T01:37:27.623Z","dependency_job_id":null,"html_url":"https://github.com/joatmon08/vault-agent-ecs","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joatmon08%2Fvault-agent-ecs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joatmon08%2Fvault-agent-ecs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joatmon08%2Fvault-agent-ecs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/joatmon08%2Fvault-agent-ecs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/joatmon08","download_url":"https://codeload.github.com/joatmon08/vault-agent-ecs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252969856,"owners_count":21833555,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","ecs","hashicorp","vault"],"created_at":"2024-10-03T18:39:57.690Z","updated_at":"2025-05-07T23:26:54.822Z","avatar_url":"https://github.com/joatmon08.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# vault-agent-ecs\n\nA container image to run Vault agent on Amazon ECS.\n\n\u003e **NOTE:** This is not an image supported by HashiCorp.\n\nThe container sets up an opinionated configuration in `agent.hcl` to use\nthe AWS IAM authentication method for Vault.\n\n| Environment Variable | Description |\n| --- | --- |\n| `VAULT_ROLE` | Name of the Vault role configured with the IAM auth method |\n| `TARGET_FILE_NAME` | Name of the file you're reading the template and writing the result. |\n| `VAULT_AGENT_TEMPLATE` | Base64 encoded template file that you want Vault agent to render |\n| `VAULT_AGENT_EXIT_AFTER_AUTH` | Must be `true` or `false`. Defaults to `true`. |\n\nVault agent will read the template from `/vault-agent` and write the\nresult to the `/config` directory.\n\nUse this container image as a sidecar in your Amazon ECS task definition.\nYou can use a shared EFS volume mounted at `/config` container path to store\nand read the rendered secrets from Vault agent.\n\nFor example, the Terraform configuration shows some of the attributes you need\nto set for the agent to run as a sidecar in your ECS task definition.\n\n```hcl\nresource \"aws_ecs_task_definition\" \"task\" {\n\n  ## ommited for clarity\n\n  volume {\n    name = \"vault\"\n\n    efs_volume_configuration {\n      file_system_id     = var.efs_file_system_id\n      transit_encryption = \"ENABLED\"\n      authorization_config {\n        iam             = \"ENABLED\"\n        access_point_id = var.efs_access_point_id\n      }\n    }\n  }\n\n  container_definitions = jsonencode(\n    [\n\n      ## add your container definition, make sure\n      ## it depends on the \"vault-agent\" container\n      ## and mounts the \"vault\" volume as read-only.\n\n      {\n        name             = \"vault-agent\"\n        image            = \"joatmon08/vault-agent-ecs:latest\"\n        essential        = false\n        logConfiguration = var.log_configuration\n        mountPoints = [{\n          sourceVolume  = \"vault\"\n          containerPath = \"/config\"\n          readOnly      = true\n        }]\n        cpu         = 0\n        volumesFrom = [],\n        healthCheck = {\n          \"command\" : [\n            \"CMD-SHELL\",\n            \"vault agent --help\"\n          ],\n          \"interval\" : 5,\n          \"timeout\" : 2,\n          \"retries\" : 3\n        },\n        environment = [\n          {\n            name  = \"VAULT_ADDR\"\n            value = var.vault_address\n          },\n          {\n            name  = \"VAULT_NAMESPACE\"\n            value = var.vault_namespace\n          },\n          {\n            name  = \"VAULT_ROLE\"\n            value = var.task_role.id\n          },\n          {\n            name  = \"TARGET_FILE_NAME\"\n            value = var.vault_agent_template_file_name\n          },\n          {\n            name  = \"VAULT_AGENT_TEMPLATE\"\n            value = var.vault_agent_template\n          },\n          {\n            name  = \"VAULT_AGENT_EXIT_AFTER_AUTH\"\n            value = tostring(var.vault_agent_exit_after_auth)\n          }\n        ]\n      }\n    ]\n  )\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoatmon08%2Fvault-agent-ecs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjoatmon08%2Fvault-agent-ecs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjoatmon08%2Fvault-agent-ecs/lists"}