
Commit 1a9adb4

수정 (#547)
1 parent b2c48d2 commit 1a9adb4

1 file changed

Lines changed: 5 additions & 5 deletions


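--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -104,7 +104,7 @@ jobs:
 INSTANCE_ID=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=TT-ec2-1" "Name=instance-state-name,Values=running" --query "Reservations[].Instances[].InstanceId" --output text)
 echo "INSTANCE_ID=$INSTANCE_ID" >> $GITHUB_ENV
 
-- name: AWS SSM Send-Command (보안 강화 - Parameter Store 사용)
+- name: AWS SSM Send-Command (EC2 로컬 토큰 사용 - 노출 방지)
 run: |
 aws ssm send-command \
 --instance-ids "${{ env.INSTANCE_ID }}" \
@@ -126,13 +126,13 @@ jobs:
 
 "cd docker/",
 
-"# AWS Parameter Store에서 안전하게 토큰 가져오기",
-"export DOPPLER_TOKEN=$(aws ssm get-parameter --name /tt/doppler-token --with-decryption --query Parameter.Value --output text --region ap-northeast-2)",
+"# EC2에 저장된 토큰 파일에서 안전하게 읽기 (SSM 로그에 노출 안됨)",
+"export DOPPLER_TOKEN=$(sudo cat /etc/tt-secrets/doppler-token)",
 "export DOPPLER_PROJECT=tt",
 "export DOPPLER_CONFIG=prd",
 
-"# GitHub 토큰도 Parameter Store에서 가져오기",
-"GITHUB_TOKEN=$(aws ssm get-parameter --name /tt/github-token --with-decryption --query Parameter.Value --output text --region ap-northeast-2)",
+"# GitHub 토큰도 파일에서 읽기",
+"GITHUB_TOKEN=$(sudo cat /etc/tt-secrets/github-token)",
 "echo \"$GITHUB_TOKEN\" | docker login ghcr.io -u ${{ github.actor }} --password-stdin 2>/dev/null",
 
 "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose pull",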
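Review bot: The two new `sudo cat /etc/tt-secrets/...` reads make the deploy depend on long-lived plaintext token files on the instance, and nothing in this section checks that they exist or are restricted to root; the KMS decryption, IAM scoping and per-read audit trail that came with the Parameter Store lookups no longer apply. Because `export VAR=$(...)` succeeds even when `cat` fails, a missing or unreadable file yields an empty token and the run carries on (the `docker login` error on the following line is also hidden by `2>/dev/null`); split the assignment and fail fast, e.g. `"DOPPLER_TOKEN=$(sudo cat /etc/tt-secrets/doppler-token) || exit 1",` followed by `"export DOPPLER_TOKEN",`, and the same for `GITHUB_TOKEN`. I would also record the expected ownership and mode next to the read, e.g. `"# /etc/tt-secrets must be root:root 0700, token files 0600",`, and note how the files are provisioned and rotated. The quoting of the `--parameters` payload lies outside both hunks, so confirm that `$(...)` is expanded on the instance rather than on the runner.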
