Add direct support for Amazon secrets manager #1305
Comments
Up! I would love to map secrets to env vars instead of exposing them in settings.json
Something like that would be great
Right now this is how I'm adding AWS secrets to my zappa_config.json file:
I would like to see Zappa do something along these lines:
Zappa would then automatically make sure that the IAM Role that it creates has access to the two ARNs.
@simsong but this way you are just passing the ARN to the env, these secrets aren't resolving to actual values? I'm looking for the option to pull resolved secrets.
Once you have the ARN you can pull the secret pretty easily. Here is the code I use:
The ARN is your key to unlocking the secrets! But the role under which the Lambda is running needs access to either the specific ARN, or else all ARNs within the Secrets Manager. This is a pain to set up, and it changes frequently, so it would be nice for Zappa to automate the creation of the AWS authorizations. I was not suggesting that Zappa get the secret out of the Secrets Manager and put the secret into the environment.
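The authorization step discussed in this thread, as an added example that is not code from any commenter or from Zappa: it collects the secret ARNs passed as environment variable values and builds one IAM statement granting `secretsmanager:GetSecretValue` on exactly those ARNs, in the shape Zappa's existing `extra_permissions` setting accepts. The function names, variable names and sample ARNs are assumptions made for illustration.

```python
import json
import re

# Full secret ARN: arn:<partition>:secretsmanager:<region>:<account>:secret:<name>
SECRET_ARN_RE = re.compile(
    r"^arn:(aws|aws-cn|aws-us-gov):secretsmanager:"
    r"[a-z0-9-]+:\d{12}:secret:[A-Za-z0-9/_+=.@-]+$"
)


def secret_arns_from_env(env_vars):
    """Return the sorted, de-duplicated secret ARNs found among env var values."""
    arns = set()
    for name, value in env_vars.items():
        if not isinstance(value, str) or ":secretsmanager:" not in value:
            continue  # ordinary setting, not a Secrets Manager reference
        if not SECRET_ARN_RE.match(value):
            # A wildcard or malformed ARN would widen the grant; refuse it.
            raise ValueError(f"{name}: not a full secret ARN: {value!r}")
        arns.add(value)
    return sorted(arns)


def least_privilege_statement(env_vars):
    """Build one IAM statement allowing reads of exactly the listed secrets."""
    arns = secret_arns_from_env(env_vars)
    if not arns:
        return None
    return {
        "Effect": "Allow",
        "Action": ["secretsmanager:GetSecretValue"],
        "Resource": arns,
    }


# Constructed sample settings: account id, secret names and suffixes are made up.
SAMPLE_ENV = {
    "DB_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/db-AbCdEf",
    "API_SECRET_ARN": "arn:aws:secretsmanager:us-east-1:123456789012:secret:prod/api-GhIjKl",
    "LOG_LEVEL": "INFO",
}

if __name__ == "__main__":
    statement = least_privilege_statement(SAMPLE_ENV)
    print(json.dumps({"extra_permissions": [statement]}, indent=2))
```

Listing each ARN in `Resource` keeps the Lambda role scoped to the specific secrets rather than all ARNs within the Secrets Manager.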
Feature Request: Add direct support for Amazon secrets manager
Expected Behavior
It would be useful to be able to document the ARN of desired Amazon Secrets that the Lambda function should have access to. Many Lambda functions need secrets, and this should be controlled through the Zappa configuration.
Actual Behavior
Right now we need to add each secret manually.
Possible Fix