Retrieve GitHub App private key from AWS Secrets Manager instead of hardcoding it

[der-eismann]

It's not a good practice to store credentials in terraform files and even worse when checking them in to a git repo. It would be nice if one could fetch the private key from AWS Secrets Manager instead. It would be a manual step to store the secret there, but it would be more secure.

[npalm]

Currently secrets are stored in SSM as secrets.

[ScottGuymer]

I would expect that you call this module wrapped in some top level module. Nothing is preventing you from retrieving the token in that top level module and pushing it into the invocation of the module without needing to store it locally.

In this way we are completely flexible in how you want to store the secrets that this module is dependent on, you can store them in SSM, HC Vault, Azure KeyVault or wherever you might need to.

[der-eismann]

That's a good point, thanks for your input @ScottGuymer.