Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

(@aws-cdk/aws-codepipeline-actions): Github Access Token / Secrets Manager not updating

See original GitHub issue

Recently we’ve had to update our personal access tokens for Github and we’ve had some CodePipelines setup through the CDK to use this through @aws-cdk/aws-codepipeline-actions.GitHubSourceAction.

After updating the secret in Secrets Manager through the console, all pipelines fail to build from Github as the previous token has been revoked. Re-deploying the CDK doesn’t do anything as technically nothings changed in there.

Reproduction Steps

  • Create a Personal Access token in Github
  • Save that PAT in Secrets Manager under /github/pipeline-token
  • Create a CodePipeline using CDK with the following source
    const sourceOutput = new Artifact();
    const sourceAction = new GitHubSourceAction({
        actionName: 'GithubSource',
        owner: 'repo-owner',
        repo: 'repo-name',
        oauthToken: SecretValue.secretsManager('/github/pipeline-token'),
        output: sourceOutput,
  • Run it once, it should run as expected
  • Re-generate the PAT in Github and update the value in Secrets Manager
  • Now do a release in the Pipeline and it will fail as the token no longer works

What did you expect to happen?

It should automatically get the latest version from SecretsManager

What actually happened?

It does not get the latest token version from SecretsManager


  • CDK CLI Version : 1.97.0
  • Framework Version:
  • Node.js Version: 12.20.1
  • OS : Ubuntu 20
  • Language (Version): TypeScript (4.2.3)


This is 🐛 Bug Report

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

justindracommented, Apr 7, 2021

Yea fair enough. I think at a minimum, maybe just state it as a limitation in the docs?

justindracommented, Apr 6, 2021

Hi @skinny85,

That didn’t seem to work. I did get it to update by doing the following:

  • Update branch name to something else
  • Deploy
  • Change branch name back to actual one
  • Deploy
Read more comments on GitHub >

github_iconTop Results From Across the Web

Using Secrets Manager for GitHub token fails authentication ...
I closed the issue because it's not the CDK - it's CloudFormation that's unable to get the webhook working without manual intervention.
Read more >
Resolve Secrets Manager secret access errors after updating ...
I attempted to retrieve or access an AWS Secrets Manager secret, ... This version of secret is not encrypted with the current KMS...
Read more >
Step 1: Add GitHub credentials to AWS Secrets Manager
We will be using AWS Secrets Manager to store our GitHub access token so that our CodeBuild project will be able to reference...
Read more >
Using secrets from Secret Manager | Cloud Build Documentation
Configuring builds to access UTF-8 secrets from Secret Manager ... to specify the secret version and the environment variable to use for the...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found