Big News: Socket Selected for OpenAI's Cybersecurity Grant Program.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

serverless-plugin-kmsvariables

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

serverless-plugin-kmsvariables

Serverless Plugin to use KMS for variables

latest
Source
npmnpm
Version
1.3.0
Version published
Maintainers
1
Created
Source

Serverless Plugin KMSVariables

NPM

This Plugin adds KMS Support to the Variables of Serverless.

Note: This plugin supports Serverless 0.5.*

Installation

cd projectfolder
npm install serverless-plugin-kmsvariables
  • add the plugin to your s-project.json file
  • add configuration for KMS to your s-project file
"custom": {
    "kmsVariables": {
      "key_arn": "arn:aws:kms:<region>:<accountid>:key/<keyid>"
    }
},
"plugins": [
    "serverless-plugin-kmsvariables"
]

Run the Plugin

  • the plugin uses a hook that is called in turn of the underlying Serverless VariableSet/VariableList actions.
  • the plugin uses a hook that is called before functionRun and functionDeploy calls, where the variables are decrypted using KMS.

Example usage

Set a normal variable

serverless variables set -s <stage> -r <region> -t <type> -k <key> -v <value>

Output:

$ serverless variables set -s dev -r us-east-1 -t region -k plaintextVariable -v foo
Serverless: Not encrypting variable  
Serverless: Successfully set variable: plaintextVariable

Set an encrypted variable

Command:

serverless variables set -s <stage> -r <region> -t <type> -k <key> -v <value> -e

Ouput:

$ serverless variables set -s dev -r us-east-1 -t region -k myPassword -v mySuperSecret -e
Serverless: Calling AWS KMS to encrypt variable  
Serverless: Successfully set variable: myPassword

List variables (without decryption)

serverless variables list -s <stage> -r <region>

Output:

Serverless: common:  
Serverless: project = ceng-lambda-nsox  
Serverless:     dev:  
Serverless:     stage = dev  
Serverless:     foo-stage = bar1  
Serverless:         us-east-1:  
Serverless:         region = us-east-1  
Serverless:         resourcesStackName = example  
Serverless:         iamRoleArnLambda = arn:aws:iam::<accountid>:role/<rolename> 
Serverless:         plaintextVariable = foo
Serverless:         myPassword = *******

List variables (with decryption)

serverless variables list -s <stage> -r <region> -d

Output:

Serverless: common:  
Serverless: project = ceng-lambda-nsox  
Serverless:     dev:  
Serverless:     stage = dev  
Serverless:     foo-stage = bar1  
Serverless:         us-east-1:  
Serverless:         region = us-east-1  
Serverless:         resourcesStackName = example  
Serverless:         iamRoleArnLambda = arn:aws:iam::<accountid>:role/<rolename>
Serverless:         plaintextVariable = foo
Serverless:         myPassword = mySuperSecret

Keywords

serverless plugin kmsvariables
serverless framework plugin
serverless applications
serverless plugins
api gateway
lambda

FAQs

Package last updated on 11 Jul 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Named Top Sales Organization by RepVue

Company News

Socket Named Top Sales Organization by RepVue

Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.

By Sarah Gooding  -  Apr 17, 2026
Socket Selected for OpenAI's Cybersecurity Grant Program

Company News

/

Security News

Socket Selected for OpenAI's Cybersecurity Grant Program

Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.

By Sarah Gooding  -  Apr 16, 2026