Document how to use Secrets Manager #5788

Merged
merged 4 commits into from Feb 4, 2019
@@ -39,6 +39,7 @@ You can define your own variable syntax (regex) if it conflicts with CloudFormat
- [External YAML/JSON files](#reference-variables-in-other-files) - [External YAML/JSON files](#reference-variables-in-other-files)
- [Variables from S3](#referencing-s3-objects) - [Variables from S3](#referencing-s3-objects)
- [Variables from AWS SSM Parameter Store](#reference-variables-using-the-ssm-parameter-store) - [Variables from AWS SSM Parameter Store](#reference-variables-using-the-ssm-parameter-store)
- [Variables from AWS Secrets Manager](#reference-variables-using-aws-secrets-manager)
- [CloudFormation stack outputs](#reference-cloudformation-outputs) - [CloudFormation stack outputs](#reference-cloudformation-outputs)
- [Properties exported from Javascript files (sync or async)](#reference-variables-in-javascript-files) - [Properties exported from Javascript files (sync or async)](#reference-variables-in-javascript-files)
- [Pseudo Parameters Reference](#pseudo-parameters-reference) - [Pseudo Parameters Reference](#pseudo-parameters-reference)
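
Review bot: The added list entry "Variables from AWS Secrets Manager" reads as if Secrets Manager were a separate variable source, while the section it links to says the secret is referenced "using SSM" with the `ssm:` prefix. Consider wording the entry as "Variables from AWS Secrets Manager (via SSM)" so readers who scan the list know it builds on the SSM Parameter Store entry directly above it. The anchor `#reference-variables-using-aws-secrets-manager` matches the heading added later in this diff.
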
@@ -256,6 +257,23 @@ custom:


In this example, the serverless variable will contain the decrypted value of the SecureString. In this example, the serverless variable will contain the decrypted value of the SecureString.


## Reference Variables using AWS Secrets Manager
Variables in [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/) can be referenced [using SSM](https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-ps-secretsmanager.html). Use the `ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true` syntax(note `~true` as secrets are always encrypted). For example:


```yml
service: new-service
provider: aws
functions:
hello:
name: hello
handler: handler.hello
custom:
supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true}
```

In this example, the serverless variable will contain the decrypted value of the secret.

## Reference Variables in Other Files ## Reference Variables in Other Files
You can reference variables in other YAML or JSON files. To reference variables in other YAML files use the `${file(./myFile.yml):someProperty}` syntax in your `serverless.yml` configuration file. To reference variables in other JSON files use the `${file(./myFile.json):someProperty}` syntax. It is important that the file you are referencing has the correct suffix, or file extension, for its file type (`.yml` for YAML or `.json` for JSON) in order for it to be interpreted correctly. Here's an example: You can reference variables in other YAML or JSON files. To reference variables in other YAML files use the `${file(./myFile.yml):someProperty}` syntax in your `serverless.yml` configuration file. To reference variables in other JSON files use the `${file(./myFile.json):someProperty}` syntax. It is important that the file you are referencing has the correct suffix, or file extension, for its file type (`.yml` for YAML or `.json` for JSON) in order for it to be interpreted correctly. Here's an example:
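
Review bot: The closing sentence of the new section says the variable "will contain the decrypted value of the secret" but does not say when that happens or where the value ends up. Serverless variables are resolved when the service is packaged and deployed, so anything that references `${self:custom.supersecret}` receives the plaintext at that point, and a sentence stating this would help readers decide whether to reference the secret here or fetch it at runtime. The example also defines `custom.supersecret` without showing it used by the `hello` function, and `secret_ID_in_Secrets_Manager` is not marked as a placeholder to be replaced with the reader's own secret ID. Minor: a space is missing in "syntax(note `~true`".
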

