{"id":26481490,"url":"https://github.com/f-lombardo/secrets-loader","last_synced_at":"2026-02-16T23:38:20.646Z","repository":{"id":237640059,"uuid":"785632023","full_name":"f-lombardo/secrets-loader","owner":"f-lombardo","description":"Load secret values from SSM and Secrets Manager into environment variables for Bref AWS Lambda functions","archived":false,"fork":false,"pushed_at":"2024-11-11T10:57:27.000Z","size":57,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-16T05:47:03.285Z","etag":null,"topics":["aws-lambda","bref","php","serverless"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/f-lombardo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-12T09:35:09.000Z","updated_at":"2024-06-22T15:04:26.000Z","dependencies_parsed_at":"2024-05-10T14:55:34.259Z","dependency_job_id":null,"html_url":"https://github.com/f-lombardo/secrets-loader","commit_stats":null,"previous_names":["f-lombardo/secrets-loader"],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-lombardo%2Fsecrets-loader","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-lombardo%2Fsecrets-loader/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-lombardo%2Fsecrets-loader/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/f-lombardo%2
Fsecrets-loader/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/f-lombardo","download_url":"https://codeload.github.com/f-lombardo/secrets-loader/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244542250,"owners_count":20469293,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-lambda","bref","php","serverless"],"created_at":"2025-03-20T03:20:53.624Z","updated_at":"2025-10-13T08:39:39.578Z","avatar_url":"https://github.com/f-lombardo.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/f-lombardo/secrets-loader/badge)](https://securityscorecards.dev/viewer/?uri=github.com/f-lombardo/secrets-loader)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=f-lombardo_secrets-loader\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=f-lombardo_secrets-loader)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/8773/badge)](https://www.bestpractices.dev/projects/8773)\n\n# Load secrets \nAutomatically load secrets from SSM into environment variables when running with Bref.\n\nThis work is a fork of the [project](https://github.com/brefphp/secrets-loader) created by [Matthieu Napoli](https://github.com/mnapoli), who is also the creator of the amazing [Bref](https://bref.sh/) project.\n\nI introduced here the ability to load parameters from Secrets Manager and to have an SSM parameter containing many application 
environment variables in ini format.\n\n## Load secrets from Secrets Manager\n\nThis library replaces at runtime secrets read from AWS Secrets Manager. Those secrets can be either in JSON format or in plain text.\n\n```yaml\nprovider:\n    # ...\n    environment:\n        MY_PARAMETER: bref-secretsmanager:/my-app/my-parameter-in-plain-text\n        MY_PARAMETER_JSON: bref-secretsmanager-json:/my-app/my-parameter-in-json\n```\n\nIn this example the Bref Lambda function will see an environment variable `MY_PARAMETER` whose value will be the content of the secret `/my-app/my-parameter-in-plain-text`.\nThe secret pointed to by `/my-app/my-parameter-in-json` should be a JSON string of the form:\n```json\n{\n  \"VAR1\": \"value1\", \n  \"VAR2\": \"value2\"\n}\n```\nThe Lambda function will have access to two environment variables `VAR1=value1` and `VAR2=value2`.\n\n## SSM parameter in .ini format\n\nMigrating an existing complex Symfony application to Bref leads to having many environment variables defined in `serverless.yml`.\nInstead of having a one-to-one mapping between lambda environment variables and SSM parameters, \nI suggest having a single lambda environment variable with the special name `BREF_PARAMETER_STORE` that stores a string in ini format. \nThat string will be expanded into many application environment variables.\nFor example a lambda could have the environment variable `BREF_PARAMETER_STORE=ssm:/some/parameter`. 
Data contained in that parameter could be:\n```\nVAR1=foo\nVAR2=bar\n```\nThe lambda execution runtime should then see `VAR1=foo` and `VAR2=bar` as environment variables.\n\nThis project is fully compatible with the behavior of the original library, whose documentation I report below.\n\n## Usage following the original library\n\nThis library is fully compatible with the original one developed by Bref's author.\nRead the Bref documentation: https://bref.sh/docs/environment/variables.html#secrets\n\nIt replaces (at runtime) the variables whose value starts with `bref-ssm:`. For example, you could set such a variable in `serverless.yml` like this:\n\n```yaml\nprovider:\n    # ...\n    environment:\n        MY_PARAMETER: bref-ssm:/my-app/my-parameter\n```\n\nIn AWS Lambda, the `MY_PARAMETER` would be automatically replaced and would contain the value stored at `/my-app/my-parameter` in AWS SSM Parameters.\n\nIt can also be used to read a set of parameters from an SSM variable that contains a string in INI format. \nFor example, if there is an SSM parameter `/my-app/my-par-store` that contains this string:\n```ini\nFOO=bar\nBAR=baz\n```\nand we have this `serverless.yml` configuration with the special variable `BREF_PARAMETER_STORE` set this way:\n```yaml\nprovider:\n    # ...\n    environment:\n      BREF_PARAMETER_STORE: /my-app/my-par-store\n```\nour lambda will see these environment variables:\n```shell\nFOO=bar\nBAR=baz\n```\n\nThis feature is shipped as a separate package so that all its code and dependencies are not installed by default for all Bref users. 
Install this package if you want to use the feature.\n\n## Notes for developers\n\nIn the [docker](/docker) directory you can find a `docker compose` project for developing and testing the application.\nYou can run it with\n```bash\ncd docker \ndocker compose up -d\ndocker compose exec php bash\n```\nThe last command takes you inside the PHP container, where you can run tests and quality checks using the [quality.sh](scripts/quality.sh) script:\n```shell\nscripts/quality.sh\n```\n\n## Installation in your PHP project\n\n```\ncomposer require f-lombardo/secrets-loader\n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff-lombardo%2Fsecrets-loader","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ff-lombardo%2Fsecrets-loader","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ff-lombardo%2Fsecrets-loader/lists"}