Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AWS: ${ssm} resolve vairbale as JSON if it is stored as JSON in Secrets Manager #5842

merged 2 commits into from Feb 19, 2019


4 participants
Copy link

exoego commented Feb 17, 2019

What did you implement:

Closes #5838

How did you implement it:

After this PR, ${ssm} resolves variable as JSON only if referencing to a secret stored in AWS Secrets Manager and returned value is valid JSON.
Otherwise it returns plain text.

It do not throw an error if invalid JSON, since AWS Secrets Manager can store any text including invalid JSON.

How can we verify it:

  1. npm install -g exoego/serverless#ssm-should-fail
  2. Create a secret foo in AWS Secrets Manager.
  "num": 1,
  "str": "secret"
  1. Create a serverless.yml
service: new-service
provider: aws
    name: hello
    handler: handler.hello
  supersecret: ${ssm:/aws/reference/secretsmanager/foo~true}
  1. Run sls print and confirm supersecret is like
     num: 1
     str: secret


  • Write tests
  • Write documentation
  • Fix linting errors
  • Make sure code coverage hasn't dropped
  • Provide verification config / commands / resources
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES
Is it a breaking change?: NO
This could be breaking change if existing users expect getting JSON as plaintext


dschep approved these changes Feb 18, 2019

Copy link

dschep left a comment

Added a question, but I think this is great! :shipit:

name: hello
handler: handler.hello

This comment has been minimized.


dschep Feb 18, 2019


How hard would it be to add ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true:hello}

Tho you can always work around it: ${self:custom.supersecret.hello}

@dschep dschep added this to In progress in Serverless via automation Feb 18, 2019

@dschep dschep added this to the 1.38.0 milestone Feb 18, 2019

@dschep dschep merged commit 90b18b4 into serverless:master Feb 19, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed

Serverless automation moved this from In progress to Done Feb 19, 2019

@exoego exoego deleted the exoego:ssm-json branch Feb 19, 2019


This comment has been minimized.

Copy link

jormaechea commented Feb 27, 2019

I know this is closed, but thanks @exoego.. This was almost driving me mad in v1.36 😝

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.