
How can I reference an object value from Secrets Manager in serverless.yml?


I am deploying apps to AWS via Serverless and need to read values from Secrets Manager during deployment. I have read this doc: https://www.serverless.com/framework/docs/providers/aws/guide/variables/#reference-variables-using-the-ssm-parameter-store

It shows how to read it:

    custom:
      supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true}

However, it can be used to read a string value from Secrets Manager. My secret is an object which includes key/value pairs. How can I read the key inside a secret?

I have tried something like this:

    custom:
      supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager:MY_KEY~true}

    custom:
      supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager/MY_KEY~true}

but none of them are working.


Solution

  • Serverless will resolve the object for you.

    Assuming that the content of your secret_ID_in_Secrets_Manager looks like this:

    {
      "foo": "foo",
      "bar": "bar"
    }
    

    Then if you define your custom variable in serverless.yml like this:

    custom:
      supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true}
    

    Then this will resolve to:

    custom:
      supersecret:
        foo: foo
        bar: bar
    

    You can reference them inside serverless.yml by using ${self:custom.supersecret.foo} and ${self:custom.supersecret.bar}.

    See the Serverless documentation and search for "Variables can also be object", since AWS Secrets Manager can store secrets not only in plain text but also in JSON.
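
The configuration below is an added example, not part of the original answer. It shows two ways to use the resolved object: passing a key's value into a function's environment, and passing only the secret's name so the handler reads it at runtime. The service name, function names, handler path and environment variable names are hypothetical, and `iamRoleStatements` assumes a Framework version that matches the `~true` syntax used on this page.

```yaml
# serverless.yml (added example; names marked below are hypothetical)
service: example-service   # hypothetical

custom:
  # Resolved at deploy time into an object with the keys foo and bar.
  supersecret: ${ssm:/aws/reference/secretsmanager/secret_ID_in_Secrets_Manager~true}

provider:
  name: aws
  # Needed for option B: lets the service's functions read the secret at runtime.
  iamRoleStatements:
    - Effect: Allow
      Action: secretsmanager:GetSecretValue
      Resource:
        # Joined with ":" into the secret's ARN. Secrets Manager appends a
        # random suffix to the name, hence the trailing "-*".
        Fn::Join:
          - ":"
          - - arn:aws:secretsmanager
            - Ref: AWS::Region
            - Ref: AWS::AccountId
            - secret
            - secret_ID_in_Secrets_Manager-*

functions:
  # Option A: pass one key of the resolved object as an environment variable.
  # The value is substituted before deployment, so it is stored in clear text
  # in the generated CloudFormation template and in the Lambda configuration.
  apiWithValue:              # hypothetical
    handler: handler.main    # hypothetical
    environment:
      FOO: ${self:custom.supersecret.foo}

  # Option B: pass only the secret's name. The handler fetches the secret and
  # parses the JSON itself, so no secret value is written into the template.
  apiWithReference:          # hypothetical
    handler: handler.main    # hypothetical
    environment:
      SECRET_ID: secret_ID_in_Secrets_Manager
```

With option A, anyone who can read the stack template or the function configuration can read the value, so access to those should be restricted as tightly as access to the secret itself.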