This guide is designed to get you set up with deploying to a serverless stack with secrets from Enclave. We assume you are already using the open-source Serverless framework to deploy your code.

Prerequisites

• Doppler CLI has been installed and authenticated.
• Existing code is already being deployed with the Serverless framework

Modify Yaml File

Secrets in the Serverless framework can be fetched from multiple sources. For integrating with Doppler we want to fetch them from the environment. You will need to change your serverless.yaml file to do so.

provider: aws

functions:
  hello:
    name: hello
    handler: handler.hello_world
    environment:
      PORT: ${env:PORT}
      AWS_S3_BUCKET: ${env:AWS_S3_BUCKET}
      STRIPE_API_KEY: ${env:STRIPE_API_KEY}

You can find more information on fetching secrets from Serverless's documentation.

Update Deploy Script

Now that you are fetching secrets from the environment, we will need to change your deploy script to use the Doppler CLI. The Doppler CLI will first be called to fetch the secrets from Enclave and then the serverless deploy command will be called with the secrets injected into the environment.

doppler run -- serverless deploy

Test Deployment

Now let's test your newly deployed code by invoking the serverless function.

serverless invoke --function hello

Continuous Integration

Congrats on getting deployments working with Doppler, next let's automate it with continuous integration! We have a prebuilt Docker image with Doppler and Node.js installed for this use case.

# Doppler base image
FROM dopplerhq/cli:3-node

# Pass in Doppler credentials at build time
ARG DOPPLER_TOKEN
ARG ENCLAVE_PROJECT
ARG ENCLAVE_CONFIG

# Copy over dependency files
COPY package.json .

# Install dependencies
RUN npm i -g serverless && npm i

# Copy the rest of the code
COPY . .

# Deploy serverless app
RUN doppler run -- serverless deploy

👍

Amazing Work!

Next, let's set up authentication with Doppler for staging & production with Service Tokens.