Serverless

This guide is designed to get you set up with deploying your secrets to a serverless stack. We assume you are already using the open-source Serverless framework to deploy your code.

Prerequisites

• Doppler CLI has been installed and authenticated.
• Existing code is already being deployed with the Serverless framework

YAML Modifications

The fastest and easiest method of injecting Doppler secrets into your Serverless deployments is via environment variables using the ${env:SECRET_NAME} syntax.

You can either manually update your Serverless config file when your Doppler secrets change:

provider: aws

functions:
  hello:
    name: hello
    handler: handler.hello_world
    environment:
      PORT: ${env:PORT}
      AWS_S3_BUCKET: ${env:AWS_S3_BUCKET}
      STRIPE_API_KEY: ${env:STRIPE_API_KEY}

Or to ensure the secrets in the serverless.yaml file are always up-to-date, you can create a serverless.yaml.tmpl file and use the Doppler CLI to render a new serverless.yaml on demand containing all current secrets:

# serverless.template.yaml

provider: aws

functions:
  hello:
    name: hello
    handler: handler.hello_world
    environment:{{ range $n, $v := . }}
      {{$n}}: ${env:{{$n}}}{{end}}

Then to render the template to serverless.yaml:

doppler secrets substitute serverless.yaml.tmpl > serverless.yaml

You can find more information on fetching secrets from Serverless's documentation.

Deploy

Once your serverless.yaml file contains a reference to all of your secrets, simply use the Doppler CLI to inject the secrets as environment variables into the serverless deploy command:

doppler run -- serverless deploy

doppler secrets substitute serverless.yaml.tmpl > serverless.yaml
doppler run -- serverless deploy

👍

Amazing Work!

You now know how to use the Doppler CLI for local development, testing, and deployment.