A simple tool to inject secrets from AWS Secrets Manager into Lambda functions as environment variables
- retrieve secrets from AWS Secrets Manager
- save the secrets to a file in the /tmp directory
- expose the secrets as environment variables using a wrapper script and delete the tmp file
- configure Lambda environment variables with the following syntax:
  - ENV_VAR = "{{inject:secretsmanager:secret-id:SecretString:json-key}}"
    - secret-id: the ARN or name of the secret
    - json-key: the key name of the key-value pair whose value you want to retrieve
- add the injector and a wrapper script to the lambda function as a layer
- give the lambda function permission to read the secrets from AWS Secrets Manager
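The placeholder syntax above can be resolved as in the following Python sketch. It is an added example, not this project's code: the function names, the `fetch` parameter and the sample ARN are assumptions, and it resolves values in-process rather than through the /tmp file and wrapper script.

```python
import json
import re

# Page syntax: {{inject:secretsmanager:secret-id:SecretString:json-key}}
# secret-id may be an ARN, which contains colons, so match on the literal
# ":SecretString:" separator instead of splitting the value on ":".
PLACEHOLDER = re.compile(
    r"^\{\{inject:secretsmanager:(?P<secret_id>.+):SecretString:(?P<json_key>[^:{}]+)\}\}$"
)

def parse_placeholder(value):
    """Return (secret_id, json_key), or None if value is not a placeholder."""
    m = PLACEHOLDER.match(value.strip())
    return (m.group("secret_id"), m.group("json_key")) if m else None

def boto3_fetch(secret_id):
    """Default fetcher: read SecretString with boto3 (imported lazily)."""
    import boto3
    client = boto3.client("secretsmanager")
    return client.get_secret_value(SecretId=secret_id)["SecretString"]

def resolve_env(env, fetch=boto3_fetch):
    """Return a copy of env with placeholder values replaced by secrets."""
    cache, resolved = {}, {}
    for name, value in env.items():
        ref = parse_placeholder(value)
        if ref is None:
            resolved[name] = value  # ordinary variable, passed through
            continue
        secret_id, json_key = ref
        if secret_id not in cache:  # one fetch per secret, not per key
            cache[secret_id] = json.loads(fetch(secret_id))
        if json_key not in cache[secret_id]:
            # Fail closed; keep secret contents out of the error text.
            raise KeyError(f"{name}: json-key {json_key!r} not found")
        resolved[name] = str(cache[secret_id][json_key])
    return resolved

# Constructed sample data: not a real account, ARN or secret.
SAMPLE_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:demo/db-AbCdEf"
SAMPLE_STORE = {SAMPLE_ARN: '{"username": "app", "password": "example-only"}'}
SAMPLE_ENV = {
    "DB_PASS": "{{inject:secretsmanager:" + SAMPLE_ARN + ":SecretString:password}}",
    "LOG_LEVEL": "info",
}

if __name__ == "__main__":
    print(sorted(resolve_env(SAMPLE_ENV, fetch=SAMPLE_STORE.__getitem__)))
```

The demo run prints only the variable names, so resolved secret values do not end up in function logs.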
Check out the simple Python Lambda example here.
This project is a demo. Do NOT use it in a production environment. It has a lot of room for improvement.
See CONTRIBUTING for more information.
This library is licensed under the MIT-0 License. See the LICENSE file.