New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS: ${ssm} resolve vairbale as JSON if it is stored as JSON in Secrets Manager #5842
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added a question, but I think this is great!
name: hello | ||
handler: handler.hello | ||
custom: | ||
supersecret: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How hard would it be to add ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true:hello}
Tho you can always work around it: ${self:custom.supersecret.hello}
😁
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it would involve some "caching" so it's not requesting SSM every time this line is references. Using custom
seems more elegant!
I know this is closed, but thanks @exoego.. This was almost driving me mad in v1.36 😝 |
As per it is possible to access Parameter Store items. And I try to access them as written here. But currently, the parameters set in Would it be possible to extend this merge to not only support Secret Manager variables containing |
@exoego is there a way not to resolve variable as JSON and treat it as a string? |
As shown in comments to #5869, using |
What did you implement:
Closes #5838
How did you implement it:
After this PR,
${ssm}
resolves variable as JSON only if referencing to a secret stored in AWS Secrets Manager and returned value is valid JSON.Otherwise it returns plain text.
It do not throw an error if invalid JSON, since AWS Secrets Manager can store any text including invalid JSON.
How can we verify it:
npm install -g exoego/serverless#ssm-should-fail
foo
in AWS Secrets Manager.serverless.yml
sls print
and confirmsupersecret
is likeTodos:
Is this ready for review?: YES
Is it a breaking change?: NO
This could be breaking change if existing users expect getting JSON as plaintext