This guide is designed to get you set up with deploying your secrets to a serverless stack. We assume you are already using the open-source Serverless framework to deploy your code.
Prerequisites
- Doppler CLI has been installed and authenticated.
- Existing code is already being deployed with the Serverless framework
Modify Yaml File
Secrets in the Serverless framework can be fetched from multiple sources. For integrating with Doppler we want to fetch them from the environment. You will need to change your serverless.yaml file to do so.
provider: aws
functions:
hello:
name: hello
handler: handler.hello_world
environment:
PORT: ${env:PORT}
AWS_S3_BUCKET: ${env:AWS_S3_BUCKET}
STRIPE_API_KEY: ${env:STRIPE_API_KEY}
You can find more information on fetching secrets from Serverless's documentation.
Update Deploy Script
Now that you are fetching secrets from the environment, we will need to change your deploy script to use the Doppler CLI. The Doppler CLI will first be called to fetch your secrets and then the serverless deploy command will be called with the secrets injected into the environment.
doppler run -- serverless deploy
Test Deployment
Now let's test your newly deployed code by invoking the serverless function.
serverless invoke --function hello
Continuous Integration
Congrats on getting deployments working with Doppler, next let's automate it with continuous integration! We have a prebuilt Docker image with Doppler and Node.js installed for this use case.
# Doppler base image
FROM dopplerhq/cli:3-node
# Pass in Doppler credentials at build time
ARG DOPPLER_TOKEN
ARG DOPPLER_PROJECT
ARG DOPPLER_CONFIG
# Copy over dependency files
COPY package.json .
# Install dependencies
RUN npm i -g serverless && npm i
# Copy the rest of the code
COPY . .
# Deploy serverless app
RUN doppler run -- serverless deploy
Amazing Work!
Now that you have local development running, letβs set up authentication for staging and production with Service Tokens.
Updated 2 days ago