Use lambda wrapper scripts to auto-inject secrets as environment variables #48
Comments
|
AWS Compute Blog post on this topic: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
This project still requires a fair bit of boilerplate / copied code in order to access secrets in a users lambda. It would be nice if there was some way to securely make the secrets available as environment variables.
Describe the solution you'd like
As of 10/2020 lambda supports wrapper extensions seem to create the ability to wrap a runtime to inject environment variables. It would be nice if we could optionally inject the cloud formation and implementation code into a users lambda that 'magically' makes the secrets available in their environment.
Describe alternatives you've considered
When layers were initially introduced, the possibility of this was discussed. There are two other ways that this could potentially be introduced. 1. By implementing a custom runtime. Or 2. By injecting custom code into each runtime such that (runtime specific) it gets invoked. Both of these solutions would require re-implementation of a solution for every runtime. In addition, a custom runtime is potentially difficult to maintain. For option 2, it may not even be possible for every runtime. I'm aware of facilities in python to pre-load code (via site module), but it may not be possible for node or java.
Additional context
https://docs.aws.amazon.com/lambda/latest/dg/runtimes-modify.html
Specifically see the section on wrapper scripts.
The text was updated successfully, but these errors were encountered: