Serverless - How to access Aws secret manager as environment variable
Currently, I am accessing AWS parameter store value as environment variable. It is defined in serverless yml like so:
    environment:
      XYZ_CREDS: ${ssm:xyzCreds}
In code, I access this like so:
    process.env.XYZ_CREDS
I need to move this value to AWS secret manager and access the xyzCreds in the same way. Based on the serverless document I tried like so -
    custom:
      xyzsecret: ${ssm:/aws/reference/secretsmanager/XYZ_CREDS_SECRET_MANAGERa~true}
    environment:
      XYZ_CREDS: ${self:custom.xyzsecret}}
But it's not working. Please help!
After struggling with this issue by myself I found the solution that worked for me.
Assume that we have a secret XYZ_CREDS where we store user and password key-value pairs. AWS Secrets manager stores them in JSON format:
    {"user": "test", "password": "xxxx"}
Here is how to put user and password into Lambda function environment variables:
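    custom:
      # ~true asks SSM to decrypt; the JSON secret resolves to an object
      xyzsecret: ${ssm:/aws/reference/secretsmanager/XYZ_CREDS~true}
    functions:
      myService:
        handler: index.handler
        environment:
          # each key of the secret's JSON becomes its own variable
          username: ${self:custom.xyzsecret.user}
          password: ${self:custom.xyzsecret.password}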
I'm using serverless 1.73.1 for deploying to cloudformation.
Hope this helps others.
Given that the name of your secret in secrets manager is correct, I think you might have an "a" after manager before the decryption.
Secret manager stores in key value/json format. So specify the variables individually.
E.g.
    environment:
      user_name: ${self:custom.xyzsecret.username}
      password: ${self:custom.xyzsecret.password}
Otherwise pass secret manager name and decrypt using aws-sdk in the code:
    environment:
      secretkey_name: XYZ_CREDS_SECRET_MANAGERa
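The runtime alternative mentioned in the last answer, as an added Node.js example that is not code from any of the answers: the environment carries only the secret's name, so the plaintext never sits in the deployed function configuration the way a deploy-time `${ssm:...~true}` value does. `createSecretLoader`, the cache TTL and the `user`/`password` keys are assumptions, and the AWS SDK for JavaScript v3 package `@aws-sdk/client-secrets-manager` is assumed to be available to the function.

```javascript
// Added example; createSecretLoader, the TTL and the key names are assumed.
const DEFAULT_TTL_MS = 5 * 60 * 1000; // assumed: re-fetch every 5 min so rotation is picked up

// Default fetcher using AWS SDK for JavaScript v3. The SDK is required lazily so
// the loader can be exercised with a stub when the SDK is not installed.
async function fetchFromSecretsManager(secretId) {
  const { SecretsManagerClient, GetSecretValueCommand } =
    require("@aws-sdk/client-secrets-manager");
  const client = new SecretsManagerClient({});
  const res = await client.send(new GetSecretValueCommand({ SecretId: secretId }));
  if (typeof res.SecretString !== "string") {
    throw new Error(`secret ${secretId} has no SecretString`);
  }
  return res.SecretString;
}

// Returns getSecret(name): fetches, parses the JSON key/value pairs, and caches
// the result in memory for ttlMs (the cache survives warm Lambda invocations).
function createSecretLoader({
  fetchSecretString = fetchFromSecretsManager,
  ttlMs = DEFAULT_TTL_MS,
  now = Date.now,
} = {}) {
  const cache = new Map(); // secret name -> { value, expires }
  return async function getSecret(secretId) {
    if (!secretId) throw new Error("secret name is not configured");
    const hit = cache.get(secretId);
    if (hit && hit.expires > now()) return hit.value;
    const raw = await fetchSecretString(secretId);
    let value;
    try {
      value = JSON.parse(raw);
    } catch {
      // Keep `raw` out of the message: errors end up in CloudWatch Logs.
      throw new Error(`secret ${secretId} is not valid JSON`);
    }
    cache.set(secretId, { value, expires: now() + ttlMs });
    return value;
  };
}

const getSecret = createSecretLoader();
// Lambda handler: only the secret's name is in the environment, not its value.
async function handler() {
  const { user, password } = await getSecret(process.env.secretkey_name);
  // ... authenticate to the downstream service with user/password here ...
  return { statusCode: 200, credentialsLoaded: Boolean(user && password) };
}
if (typeof module !== "undefined") module.exports = { handler };
```

The function's execution role needs `secretsmanager:GetSecretValue` on the secret for the default fetcher to succeed.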