Serverless - How to access Aws secret manager as environment variable

Question

Currently, I am accessing AWS parameter store value as environment variable. It is defined in serverless yml like so:

environment:
    XYZ_CREDS: ${ssm:xyzCreds}

In code, I access this like so process.env.XYZ_CREDS
I need to move this value to AWS secret manager and access the xyzCreds in the same way.
Based on the serverless document I tried like so -

  custom:
    xyzsecret: ${ssm:/aws/reference/secretsmanager/XYZ_CREDS_SECRET_MANAGERa~true} 
  environment:
    XYZ_CREDS: ${self:custom.xyzsecret}}

But it's not working. Please help!

Answer 1

After struggling with this issue by myself, I found the solution that worked for me.

Assume that we have a secret XYZ_CREDS where we store user and password key-value pairs. AWS Secrets manager stores them in JSON format: {"user": "test", "password": "xxxx"}

Here is how to put user and password into Lambda function environment variables:

custom:
  xyzsecret: ${ssm:/aws/reference/secretsmanager/XYZ_CREDS~true}
myService:
  handler: index.handler
  environment:
    username: ${self:custom.xyzsecret.user}
    password: ${self:custom.xyzsecret.password}

I'm using Serverless 1.73.1 for deploying to CloudFormation.

Hope this helps others.

Answer 2

Given that the name of your secret in secrets manager is correct. I think you might have an "a" after manager before the decryption.