This guide is designed to get you set up with deploying your secrets to a serverless stack. We assume you are already using the open-source Serverless framework to deploy your code.
Prerequisites
- Doppler CLI has been installed and authenticated.
- Existing code is already being deployed with the Serverless framework.
YAML Modifications
Secrets in the Serverless framework can be fetched from multiple sources. For integrating with Doppler we want to fetch them from the environment. You will need to change your serverless.yaml file to do so.
provider: aws
functions:
  hello:
    name: hello
    handler: handler.hello_world
    environment:
      PORT: ${env:PORT}
      AWS_S3_BUCKET: ${env:AWS_S3_BUCKET}
      STRIPE_API_KEY: ${env:STRIPE_API_KEY}
You can find more information on fetching secrets from Serverless's documentation.
Deploy
Now that you are fetching secrets from the environment, we will need to change your deploy script to use the Doppler CLI. The Doppler CLI will first be called to fetch your secrets and then the serverless deploy command will be called with the secrets injected into the environment.
doppler run -- serverless deploy
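Added example, not part of the original guide or of Doppler's code: a preflight check that reads the config and lists every `${env:NAME}` reference that has no value in the environment, so a deploy can be stopped before a function ships with a blank secret. The function names and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight check for ${env:NAME} references before a deploy.
# Function names and sample values are assumptions, not part of the guide.

# Print the distinct variable names referenced as ${env:NAME} in file $1.
# References with a fallback, ${env:NAME, 'default'}, are skipped on purpose.
env_refs() {
    grep -o '\${env:[A-Za-z_][A-Za-z0-9_]*}' "$1" | sed 's/^\${env://; s/}$//' | sort -u
}

# Print every referenced name that is unset or empty in the process
# environment. Returns 1 if any is missing. Secret values are never printed.
missing_env_refs() {
    rc=0
    for name in $(env_refs "$1"); do
        if [ -z "$(printenv "$name")" ]; then
            echo "$name"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample config using the variable names from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
provider: aws
functions:
  hello:
    handler: handler.hello_world
    environment:
      PORT: ${env:PORT}
      AWS_S3_BUCKET: ${env:AWS_S3_BUCKET}
      STRIPE_API_KEY: ${env:STRIPE_API_KEY}
EOF

# Simulate a run where only PORT was injected (constructed value).
if missing=$(unset AWS_S3_BUCKET STRIPE_API_KEY; export PORT=3000; missing_env_refs "$sample"); then
    echo "all referenced variables are set"
else
    echo "refusing to deploy, missing:" $missing
fi
rm -f "$sample"
```

To check a real config, call `missing_env_refs serverless.yaml` from a script started with `doppler run --`, so it sees the same environment the deploy will.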
Test
Now let's test your newly deployed code by invoking the serverless function.
serverless invoke --function hello
Continuous Integration
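Congrats on getting deployments working with Doppler! Next, let's automate it with continuous integration. We have a prebuilt Docker image with Doppler and Node.js installed for this use case. Because the service token is passed as a build argument, treat the resulting image as a throwaway deploy artifact: build-argument values can be read back with docker history, so do not push it to a registry.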
# Doppler base image
FROM dopplerhq/cli:3-node
# Pass in a service token at build time
ARG DOPPLER_TOKEN
# Copy over dependency files
COPY package.json .
# Install dependencies
RUN npm i -g serverless && npm i
# Copy the rest of the code
COPY . .
# Deploy serverless app
RUN ["doppler", "run", "--", "serverless", "deploy"]
Amazing Work!
Now that you have local development running, let's set up authentication for staging and production with Service Tokens.