serverless/serverless-secrets-plugin

Name: serverless-secrets-plugin

Owner: Serverless

Description: null

Created: 2016-11-24 16:58:15.0

Updated: 2018-05-09 21:37:00.0

Pushed: 2017-10-16 12:30:12.0

Homepage: null

Size: 13

Language: JavaScript

GitHub Committers

UserMost Recent Commit# Commits

Other Committers

UserEmailMost Recent Commit# Commits

README

Serverless Credentials Plugin

IMPORTANT NOTE: As pointed out in the AWS documentation for storing sensible information Amazon recommends to use AWS KMS instead of environment variables like this plugin.

serverless npm version license

Install

install --save-dev serverless-secrets-plugin

After that you need to add the plugin to your serverless.yml of you service.

Run the command serverless --help and verify the list of commands contain an encrypt and a decrypt command.

Usage

Create a secrets.{stage}.yml file for each stage e.g. secrets.dev.yml.

Store the keys in there, that you want to keep private e.g.

L_SERVICE_API_KEY: DEV_API_EXAMPLE_KEY_12
ION_KEY: DEV_SESSION_EXAMPLE_KEY_12

You can also provide a path prefix if you like to keep your secrets in a different directory e.g.

om:
cretsFilePathPrefix: config

Encrypt the secrets file for the desired stage by running

erless encrypt --stage dev --password '{your super secure password}'

This will result in an encrypted file e.g. secrets.dev.yml.encrypted. You can check the encrypted file into your version control system e.g. Git. It's recommened to add your unencrypted file to .gitignore or similar so you and your colleagues can't check it in by accident.

In your serverless.yaml you can use the file variable syntax to import the secrets and set them as environment variables. When you create or update Lambda functions that use environment variables, AWS Lambda encrypts them using the AWS Key Management Service. Read more about that in the AWS documentation here.

Whenever you want to deploy there needs to be the unencrypted version of the secrets file available otherwise the plugin will prevent the deployment.

Example

You can check out a full example in the Serverless Examples repository: serverless/examples/aws-node-env-variables-encrypted-in-a-file.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.