Serverless

Learn how to easily manage environment variables for your Serverless applications.

This guide is designed to get you set up with deploying your secrets to a serverless stack. We assume you are already using the open-source Serverless framework to deploy your code.

Prerequisites

YAML Modifications

The fastest and easiest method of injecting Doppler secrets into your Serverless deployments is via environment variables using the ${env:SECRET_NAME} syntax.

You can either manually update your Serverless config file when your Doppler secrets change:

provider: aws

functions:
  hello:
    name: hello
    handler: handler.hello_world
    environment:
      PORT: ${env:PORT}
      AWS_S3_BUCKET: ${env:AWS_S3_BUCKET}
      STRIPE_API_KEY: ${env:STRIPE_API_KEY}

Or to ensure the secrets in the serverless.yaml file are always up-to-date, you can create a serverless.yaml.tmpl file and use the Doppler CLI to render a new serverless.yaml on demand containing all current secrets:

# serverless.template.yaml

provider: aws

functions:
  hello:
    name: hello
    handler: handler.hello_world
    environment:{{ range $n, $v := . }}
      {{$n}}: ${env:{{$n}}}{{end}}

Then to render the template to serverless.yaml:

doppler secrets substitute serverless.yaml.tmpl > serverless.yaml

You can find more information on fetching secrets from Serverless's documentation.

Deploy

Once your serverless.yaml file contains a reference to all of your secrets, simply use the Doppler CLI to inject the secrets as environment variables into the serverless deploy command:

doppler run -- serverless deploy
doppler secrets substitute serverless.yaml.tmpl > serverless.yaml
doppler run -- serverless deploy

👍

Amazing Work!

You now know how to use the Doppler CLI for local development, testing, and deployment.