How can I reference a object value from secret manager in serverless.yml?

Question

I am deploying apps to AWS via serverless. And need to read values from secretmanager during deployment. I have read this doc: https://www.serverless.com/framework/docs/providers/aws/guide/variables/#reference-variables-using-the-ssm-parameter-store

it shows how to read it:

custom: supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true} however, it can be used to read a string value from secret manager. My secret is an object which includes key/value pairs. How can I read the key inside a secret?

I have tried something like this:

custom: supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager:MY_KEY~true}

custom: supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager/MY_KEY~true}

but none of them working.

Answer 1

Serverless will resolve the object for you.

Assuming that the content of your secret_ID_in_Secrets_Manager looks like this:

{
  "foo": "foo",
  "bar": "bar"
}

Then if you define your custom variable in serverless.yml like this:

custom:
  supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true}

Then this will resolve to:

custom:
  supersecret:
    foo: foo
    bar: bar

You can reference them inside serverless.yml by using ${self:custom.supersecret.foo} and ${self:custom.supersecret.bar}.

See the Serverless documentation and search for Variables can also be object, since AWS Secrets Manager can store secrets not only in plain text but also in JSON..