serverless-offline-ssm icon indicating copy to clipboard operation
serverless-offline-ssm copied to clipboard

Published 20 hours ago verified publisher icon thoreinstein

Questions

Open bitsofinfo opened this issue 3 years ago • 3 comments

My secrets in SSM in AWS are there because they are sensitive.

Do I have to copy those secrets into my local serverless.yml or the .env files in order to use this?

Doesn't that defeat the purpose? Both of those files are in git.... so now I have to remember to wipe that data prior to code updates? .env is already used by the https://www.serverless.com/plugins/serverless-dotenv-plugin which conflicts.

Maybe an additional option to permit a custom config file? That would be a great additions then I could have .ssm-secrets and put it in a gitignore.

bitsofinfo avatar Jul 12 '20 14:07 bitsofinfo

If your .env file contains secrets then it should not be committed to git.

Yes, you are correct in that this plugin is a direct conflict with the serverless-dotenv-plugin and they were never intended to be used together. This plugin was created to be used only when running the serverless-offline plugin to prevent it from reaching out to AWS to read SSM parameters. Any use case outside of that is outside of the scope of this plugin and should be supported by something else.

thoreinstein avatar Jul 12 '20 16:07 thoreinstein

yes, thats exactly my use case. serverless-dotenv-plugin and serverless-offline

bitsofinfo avatar Jul 12 '20 16:07 bitsofinfo

I have no intention of making this plugin support use cases outside of what I have already mentioned above.

thoreinstein avatar Jul 12 '20 16:07 thoreinstein