serverless-kms-secrets Not working in combination with `serverless-secrets-plugin`?

Not working in combination with `serverless-secrets-plugin`?

Open QAnders opened this issue 6 years ago • 3 comments

`plugins:

serverless-secrets-plugin
serverless-kms-secrets`

If I have serverless-secrets-plugin as well as serverless-kms-secrets and try to add a "KMS variable" I get error:

ServerlessError: This command requires the --password option / -p shortcut. Usage: Password to encrypt the file.
    at _.forEach (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/serverless/lib/classes/PluginManager.js:428:15)
    at /mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/lodash/lodash.js:4925:15
    at baseForOwn (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/lodash/lodash.js:3010:24)
    at /mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/lodash/lodash.js:4894:18
    at Function.forEach (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/lodash/lodash.js:9342:14)
    at PluginManager.validateOptions (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/serverless/lib/classes/PluginManager.js:415:7)
    at PluginManager.invoke (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/serverless/lib/classes/PluginManager.js:359:10)
    at PluginManager.run (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/serverless/lib/classes/PluginManager.js:403:17)
    at variables.populateService.then (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/serverless/lib/Serverless.js:102:33)
    at runCallback (timers.js:756:18)
    at tryOnImmediate (timers.js:717:5)
    at processImmediate [as _immediateCallback] (timers.js:697:5)
From previous event:
    at Serverless.run (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/serverless/lib/Serverless.js:89:74)
    at serverless.init.then (/mnt/d/Q/GitHub-Repos/qvalia-peppol-serverless/node_modules/serverless/bin/serverless:42:50)
    at <anonymous>

May 14 '18 14:05 QAnders

I've tried to just rename the commands and hooks to kmsencrypt and kmsdecrypt and that seems to do it. It no longer "collides" with serverless-secrets-plugin

May 15 '18 09:05 QAnders

What's the use cases of using both serverless-secrets and serverless-kms-secrets?

May 15 '18 13:05 mpuittinen

We have the "common/not so secret" parameters in serverless-secrets and want to have "more secret" things (e.g. private keys, passwords, API keys) in KMS. The main reason for not using only KMS is latency as pretty much all our Lambdas are using some env.var from "secrets" but only a few are using "KMS secrets"... Does that make sense?

(Kiitos Paljon!)

May 15 '18 13:05 QAnders

serverless-kms-secrets serverless-kms-secrets copied to clipboard

Not working in combination with `serverless-secrets-plugin`?

serverless-kms-secrets
serverless-kms-secrets copied to clipboard