{"id":15597945,"url":"https://github.com/nalbion/serverless-plugin-encrypted","last_synced_at":"2025-06-20T23:37:18.943Z","repository":{"id":57121532,"uuid":"92485440","full_name":"nalbion/serverless-plugin-encrypted","owner":"nalbion","description":"A Serverless plugin which encrypts Lambda environment variables using an KMS key which is automatically generated for each stage","archived":false,"fork":false,"pushed_at":"2021-07-06T08:37:58.000Z","size":15,"stargazers_count":12,"open_issues_count":0,"forks_count":5,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-02T11:08:17.763Z","etag":null,"topics":["serverless-plugin"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nalbion.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-05-26T07:42:41.000Z","updated_at":"2021-07-06T08:38:00.000Z","dependencies_parsed_at":"2022-08-23T08:50:37.972Z","dependency_job_id":null,"html_url":"https://github.com/nalbion/serverless-plugin-encrypted","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/nalbion/serverless-plugin-encrypted","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nalbion%2Fserverless-plugin-encrypted","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nalbion%2Fserverless-plugin-encrypted/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nalbion%2Fserverless-plugin-encrypted/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nalbion%2Fserverless-plugin-encrypted/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nalbion","download_url":"https://codeload.github.com/nalbion/serverless-plugin-encrypted/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nalbion%2Fserverless-plugin-encrypted/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260268635,"owners_count":22983601,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["serverless-plugin"],"created_at":"2024-10-03T01:24:31.526Z","updated_at":"2025-06-20T23:37:13.930Z","avatar_url":"https://github.com/nalbion.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# serverless-plugin-encrypted\n\nA [Serverless](https://serverless.com/) [plugin](https://serverless.com/framework/docs/providers/aws/guide/plugins/)\n which encrypts Lambda environment variables using an KMS key which is automatically generated for each stage.\n \n## Note\n\nAn alternative approach is to use AWS Secrets Manager\n\n```yaml\nenvironment: #${ssm:/aws/reference/secretsmanager/${self:custom.stage}/config~true}\n```\n\n## Installation\n\n    yarn add -D serverless-plugin-encrypted\n\nor \n\n    npm install --save-dev serverless-plugin-encrypted\n    \n## Usage\n    \n```yaml\nservice: my-service\nprovider:\n  name: aws\n  runtime: nodejs6.10\n  role: lambda-role\n  stage: DEV\n  region: ap-southeast-2\n  \nplugins:\n  - serverless-plugin-encrypted\n    \ncustom:\n  kmsKeyId: ${self:provider.stage}-my-service\n  encrypted:\n    SECRET_PASSWORD: ${env:MY_SECRET_PASSWORD}\n        \nfunctions:\n  my-function:\n    handler: index.handler\n    environment:\n      NOT_SECRET: ${env:NOT_SECRET}\n      SECRET_PASSWORD: ${self:custom.encrypted.SECRET_PASSWORD}\n```\n\n    $ serverless deploy\n\nThe plugin will look for a KMS key with alias `DEV-my-service`, and create it if it does not exist.\nThen it will go through all `environment` variables within `provider` and each function.  \nIf it finds an entry in `custom.encrypted` with a matching name it will use the KMS key to encrypt the value \n(eg: `custom.encrypted.SECRET_PASSWORD`) and update the provider and function values.\n \nNote: The original values in the provider and functions will be discarded. \nie `functions.my-function.environment.SECRET_PASSWORD` has been set to `${self:custom.encrypted.SECRET_PASSWORD}` \nin the example above, but it could be anything really, although it is a recommended convention.\n\nWhen the plugin creates the KMS key, a policy will be created for it which allows:\n\n - the account root user to manage the key\n - anybody to encrypt \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnalbion%2Fserverless-plugin-encrypted","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnalbion%2Fserverless-plugin-encrypted","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnalbion%2Fserverless-plugin-encrypted/lists"}