{"id":26496696,"url":"https://github.com/robin-thomas/serverless-aws-secrets","last_synced_at":"2025-03-20T12:23:17.557Z","repository":{"id":193492366,"uuid":"688792330","full_name":"robin-thomas/serverless-aws-secrets","owner":"robin-thomas","description":"🛵 Serverless plugin that reads environment variables and replaces secrets using AWS Secrets Manager 🛵","archived":false,"fork":false,"pushed_at":"2024-06-25T09:44:54.000Z","size":464,"stargazers_count":83,"open_issues_count":17,"forks_count":7,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-20T01:38:53.996Z","etag":null,"topics":["aws","aws-lambda","aws-secrets-manager","environment-variables","javascript","jest","secrets-manager","security","serverless","serverless-plugin","typescript"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/serverless-aws-secrets","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robin-thomas.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-08T05:49:32.000Z","updated_at":"2025-01-29T11:04:06.000Z","dependencies_parsed_at":null,"dependency_job_id":"a71efd69-4e6a-4793-8bcd-b0767f7c226e","html_url":"https://github.com/robin-thomas/serverless-aws-secrets","commit_stats":{"total_commits":106,"total_committers":3,"mean_commits":"35.333333333333336","dds":0.339622641509434,"last_synced_commit":"2ed57d3b6dc1530dea9d29dec974ec79f67c1ff7"},"previous_names":["robin-thomas/serverless-aws-secrets"],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robin-thomas%2Fserverless-aws-secrets","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robin-thomas%2Fserverless-aws-secrets/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robin-thomas%2Fserverless-aws-secrets/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robin-thomas%2Fserverless-aws-secrets/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robin-thomas","download_url":"https://codeload.github.com/robin-thomas/serverless-aws-secrets/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244574798,"owners_count":20474818,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-lambda","aws-secrets-manager","environment-variables","javascript","jest","secrets-manager","security","serverless","serverless-plugin","typescript"],"created_at":"2025-03-20T12:23:17.049Z","updated_at":"2025-03-20T12:23:17.538Z","avatar_url":"https://github.com/robin-thomas.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ch2 align=\"center\"\u003eServerless AWS Secrets \u003cspan\u003e\u003ca href=\"https://twitter.com/intent/tweet?text=Replace%20your%20environment%20variables%20with%20AWS%20secrets\u0026amp;url=https://github.com/robin-thomas/serverless-aws-secrets\u0026amp;hashtags=serverless,plugin,typescript,javascript,developers\" rel=\"nofollow\"\u003e\u003cimg src=\"https://camo.githubusercontent.com/90bc908826728c0e4261acfff5619fd732c7be2b2a00624fce6363c9a3623c90/68747470733a2f2f696d672e736869656c64732e696f2f747769747465722f75726c2f687474702f736869656c64732e696f2e7376673f7374796c653d736f6369616c\" alt=\"Tweet\" data-canonical-src=\"https://img.shields.io/twitter/url/http/shields.io.svg?style=social\" style=\"max-width: 100%;\"\u003e\u003c/a\u003e\u003c/span\u003e\u003c/h2\u003e\n\n  \u003cp align=\"center\"\u003eA Serverless Plugin for the \u003ca href=\"https://www.serverless.com\"\u003eServerless Framework\u003c/a\u003e, which can replace environment variables with secrets from AWS Secrets Manager.\u003c/p\u003e\n  \u003cdiv align=\"center\"\u003e\n    \u003cimg src=\"https://s3.amazonaws.com/assets.github.serverless/readme-serverless-framework.gif\" width=\"70%\" /\u003e\n  \u003c/div\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"http://www.serverless.com\"\u003e\n    \u003cimg src=\"http://public.serverless.com/badges/v3.svg\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.npmjs.com/package/serverless-aws-secrets\"\u003e\n    \u003cimg src=\"https://img.shields.io/npm/v/serverless-aws-secrets\" /\u003e\n  \u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/npm/dt/serverless-aws-secrets.svg?label=Downloads\" /\u003e\n  \u003cimg src=\"https://img.shields.io/bundlephobia/min/serverless-aws-secrets/latest\" /\u003e\n  \u003ca href=\"https://github.com/robin-thomas/serverless-aws-secrets/actions\"\u003e\n    \u003cimg src=\"https://github.com/robin-thomas/serverless-aws-secrets/actions/workflows/post_release.yml/badge.svg\" /\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://codecov.io/gh/robin-thomas/serverless-aws-secrets\"\u003e\n    \u003cimg src=\"https://codecov.io/gh/robin-thomas/serverless-aws-secrets/graph/badge.svg?token=I3FAWZETH9)\" /\u003e\n  \u003c/a\u003e\n  \u003cimg src=\"https://img.shields.io/npm/l/serverless-aws-secrets\" /\u003e\n\u003c/p\u003e\n\n## Introduction\n\nIf you are using a serverless plugin like [Serverless Dotenv Plugin](https://github.com/neverendingqs/serverless-dotenv-plugin), then you shall be having `.env.*` files that looks like:\n\n```\nMYSQL_USERNAME=username\nMYSQL_PASSWORD=password\n```\n\nRather than storing these secrets in your `.env.*` file, you can instead store them in [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/). This plugin will then replace the environment variables (that are already loaded into Serverless framework) with the secrets from AWS Secrets Manager.\n\nYou need to change your above `.env.*` files to:\n\n```\nMYSQL_USERNAME=secret:MYSQL_USERNAME\nMYSQL_PASSWORD=secret:MYSQL_PASSWORD\n```\n\nThe plugin will then search within AWS Secrets Manager (refer to `secretId` configuration) for a secret with the name `MYSQL_USERNAME` and `MYSQL_PASSWORD` and replace the environment variables with the secret value.\n\nSecrets are recognized as environment variables whose name started with a pre-defined prefix. (refer to `secretPrefix` configuration below).\n\n## Getting Started\n\nThese instructions will help you integrate this plugin into your serverless service.\n\n### Prerequisites\n\nYou need to have the below softwares running on your system:\n\n* [Node.js v18](https://nodejs.org/en) - You can use [NVM](https://github.com/nvm-sh/nvm) to setup Node.js in your system\n* [Git](https://git-scm.com/) - You can download from [here](https://git-scm.com/downloads)\n* [Serverless](https://www.serverless.com/) - Refer [here](https://github.com/serverless/serverless/blob/main/docs/getting-started.md) on how to get started\n\n### Installing the plugin\n\nRun below command to install the plugin:\n\n```\n$ npm install --save-dev serverless-aws-secrets\n```\n\nAdd the plugin to `serverless.yml`:\n\n```\nplugins:\n  - serverless-aws-secrets\n```\n\nThis will run the plugin during the below serverless hooks:\n* `before:package:initialize`\n* `offline:start:init`\n\n### Configuring the plugin\n\nThe plugin can be configured by:\n\n```\ncustom:\n  serverless-aws-secrets:\n    secretId: ...\n    secretPrefix: ...\n```\n\n* `secretId`: Location of the secret in AWS Secrets Manager. Default: `${provider.stage}/${app}-${service}`\n\n* `secretPrefix`: Prefix of the secret name in AWS Secrets Manager. Default: `secret:`\n\n## CLI commands\n\nThis plugin also exposes a CLI command that can be used along with serverless.\n\n### Display the secret values\n\n```\n$ sls aws-secrets --verbose\n```\n\nThis will display the output:\n\n```\n[serverless-aws-secrets]: Running the command: sls aws-secrets\n[serverless-aws-secrets]: Loading secret: {secretId} in {provider.region}\n✔ [serverless-aws-secrets]: Secret: {secretKey}, Value: {secretValue}\n```\n\n## Local Development\n\nThese instructions will help you to run the project in your local.\n\n### Setup\n\nRun the below commands to setup the project:\n\n```\n$ git clone git@github.com:robin-thomas/serverless-aws-secrets.git\n$ cd serverless-aws-secrets\n$ nvm use 18\n$ npm install\n```\n\n### Running the tests\n\nYou can run the unit tests written in [Jest](https://github.com/jestjs/jest) by running:\n\n```\n$ npm run test\n```\n\n## Versioning\n\nWe use [SemVer](http://semver.org/) for versioning. For the versions available, see the [tags on this repository](https://github.com/robin-thomas/serverless-aws-secrets/tags).\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobin-thomas%2Fserverless-aws-secrets","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobin-thomas%2Fserverless-aws-secrets","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobin-thomas%2Fserverless-aws-secrets/lists"}