This guide is designed to get you set up with deploying your secrets to a serverless stack. We assume you are already using the open-source Serverless framework to deploy your code.

Prerequisites

• Doppler CLI has been installed and authenticated.
• Existing code is already being deployed with the Serverless framework

Modify Yaml File

Secrets in the Serverless framework can be fetched from multiple sources. For integrating with Doppler we want to fetch them from the environment. You will need to change your serverless.yaml file to do so.

provider: aws

functions:
  hello:
    name: hello
    handler: handler.hello_world
    environment:
      PORT: ${env:PORT}
      AWS_S3_BUCKET: ${env:AWS_S3_BUCKET}
      STRIPE_API_KEY: ${env:STRIPE_API_KEY}

You can find more information on fetching secrets from Serverless's documentation.

Update Deploy Script

Now that you are fetching secrets from the environment, we will need to change your deploy script to use the Doppler CLI. The Doppler CLI will first be called to fetch your secrets and then the serverless deploy command will be called with the secrets injected into the environment.

doppler run -- serverless deploy

Test Deployment

Now let's test your newly deployed code by invoking the serverless function.

serverless invoke --function hello

Continuous Integration

Congrats on getting deployments working with Doppler, next let's automate it with continuous integration! We have a prebuilt Docker image with Doppler and Node.js installed for this use case.

# Doppler base image
FROM dopplerhq/cli:3-node

# Pass in a service token at build time
ARG DOPPLER_TOKEN

# Copy over dependency files
COPY package.json .

# Install dependencies
RUN npm i -g serverless && npm i

# Copy the rest of the code
COPY . .

# Deploy serverless app
RUN ["doppler", "run", "--", "serverless", "deploy"]

👍

Amazing Work!

Now that you have local development running, let’s set up authentication for staging and production with Service Tokens.