{"id":19042457,"url":"https://github.com/serverless/serverless-secrets-plugin","last_synced_at":"2025-08-22T01:32:40.078Z","repository":{"id":58875163,"uuid":"74691310","full_name":"serverless/serverless-secrets-plugin","owner":"serverless","description":null,"archived":false,"fork":false,"pushed_at":"2019-09-06T04:07:42.000Z","size":13,"stargazers_count":66,"open_issues_count":5,"forks_count":16,"subscribers_count":28,"default_branch":"master","last_synced_at":"2024-12-11T13:52:13.287Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/serverless.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-11-24T16:58:15.000Z","updated_at":"2024-01-22T00:38:40.000Z","dependencies_parsed_at":"2022-09-08T19:23:22.294Z","dependency_job_id":null,"html_url":"https://github.com/serverless/serverless-secrets-plugin","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless%2Fserverless-secrets-plugin","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless%2Fserverless-secrets-plugin/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless%2Fserverless-secrets-plugin/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/serverless%2Fserverless-secrets-plugin/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/serverless","download_url":"https://codeload.github.com/serverless/serverless-secrets-plugin/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230547678,"owners_count":18243227,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-08T22:37:45.980Z","updated_at":"2024-12-20T07:07:04.976Z","avatar_url":"https://github.com/serverless.png","language":"JavaScript","readme":"# Serverless Credentials Plugin\n\nIMPORTANT NOTE: As pointed out in the [AWS documentation](http://docs.aws.amazon.com/lambda/latest/dg/env_variables.html) for storing sensible information Amazon recommends to use AWS KMS instead of environment variables like this plugin.\n\n[![serverless](http://public.serverless.com/badges/v3.svg)](http://www.serverless.com)\n[![npm version](https://badge.fury.io/js/serverless-secrets-plugin.svg)](https://badge.fury.io/js/serverless-secrets-plugin)\n[![license](https://img.shields.io/npm/l/serverless-secrets-plugin.svg)](https://www.npmjs.com/package/serverless-secrets-plugin)\n\n# Install\n\n```bash\nnpm install --save-dev serverless-secrets-plugin\n```\n\nAfter that you need to add the plugin to your `serverless.yml` of you service.\n\nRun the command `serverless --help` and verify the list of commands contain an `encrypt` and a `decrypt` command.\n\n# Usage\n\nCreate a `secrets.{stage}.yml` file for each stage e.g. `secrets.dev.yml`.\n\nStore the keys in there, that you want to keep private e.g.\n```yml\nEMAIL_SERVICE_API_KEY: DEV_API_EXAMPLE_KEY_12\nSESSION_KEY: DEV_SESSION_EXAMPLE_KEY_12\n```\n\nYou can also provide a path prefix if you like to keep your secrets in a different directory e.g.\n```yml\ncustom:\n  secretsFilePathPrefix: config\n```\n\nEncrypt the secrets file for the desired stage by running\n\n```bash\nserverless encrypt --stage dev --password '{your super secure password}'\n```\n\nThis will result in an encrypted file e.g. `secrets.dev.yml.encrypted`. You can check the encrypted file into your version control system e.g. Git. It's recommened to add your unencrypted file to `.gitignore` or similar so you and your colleagues can't check it in by accident.\n\nIn your `serverless.yaml` you can use the file variable syntax to import the secrets and set them as environment variables. When you create or update Lambda functions that use environment variables, AWS Lambda encrypts them using the AWS Key Management Service. Read more about that in the AWS documentation [here](http://docs.aws.amazon.com/lambda/latest/dg/env_variables.html).\n\nWhenever you want to deploy there needs to be the unencrypted version of the secrets file available otherwise the plugin will prevent the deployment.\n\n# Example\n\nYou can check out a full example in the Serverless Examples repository: [serverless/examples/aws-node-env-variables-encrypted-in-a-file](https://github.com/serverless/examples/tree/master/aws-node-env-variables-encrypted-in-a-file).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fserverless%2Fserverless-secrets-plugin","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fserverless%2Fserverless-secrets-plugin","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fserverless%2Fserverless-secrets-plugin/lists"}