🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

serverless-plugin-kmsvariables

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

serverless-plugin-kmsvariables

Serverless Plugin to use KMS for variables

1.3.0
latest
Source
npm
Version published
Maintainers
1
Created
Source

Serverless Plugin KMSVariables

NPM

This Plugin adds KMS Support to the Variables of Serverless.

Note: This plugin supports Serverless 0.5.*

Installation

cd projectfolder
npm install serverless-plugin-kmsvariables
  • add the plugin to your s-project.json file
  • add configuration for KMS to your s-project file
"custom": {
    "kmsVariables": {
      "key_arn": "arn:aws:kms:<region>:<accountid>:key/<keyid>"
    }
},
"plugins": [
    "serverless-plugin-kmsvariables"
]

Run the Plugin

  • the plugin uses a hook that is called in turn of the underlying Serverless VariableSet/VariableList actions.
  • the plugin uses a hook that is called before functionRun and functionDeploy calls, where the variables are decrypted using KMS.

Example usage

Set a normal variable

serverless variables set -s <stage> -r <region> -t <type> -k <key> -v <value>

Output:

$ serverless variables set -s dev -r us-east-1 -t region -k plaintextVariable -v foo
Serverless: Not encrypting variable  
Serverless: Successfully set variable: plaintextVariable

Set an encrypted variable

Command:

serverless variables set -s <stage> -r <region> -t <type> -k <key> -v <value> -e

Ouput:

$ serverless variables set -s dev -r us-east-1 -t region -k myPassword -v mySuperSecret -e
Serverless: Calling AWS KMS to encrypt variable  
Serverless: Successfully set variable: myPassword

List variables (without decryption)

serverless variables list -s <stage> -r <region>

Output:

Serverless: common:  
Serverless: project = ceng-lambda-nsox  
Serverless:     dev:  
Serverless:     stage = dev  
Serverless:     foo-stage = bar1  
Serverless:         us-east-1:  
Serverless:         region = us-east-1  
Serverless:         resourcesStackName = example  
Serverless:         iamRoleArnLambda = arn:aws:iam::<accountid>:role/<rolename> 
Serverless:         plaintextVariable = foo
Serverless:         myPassword = *******

List variables (with decryption)

serverless variables list -s <stage> -r <region> -d

Output:

Serverless: common:  
Serverless: project = ceng-lambda-nsox  
Serverless:     dev:  
Serverless:     stage = dev  
Serverless:     foo-stage = bar1  
Serverless:         us-east-1:  
Serverless:         region = us-east-1  
Serverless:         resourcesStackName = example  
Serverless:         iamRoleArnLambda = arn:aws:iam::<accountid>:role/<rolename>
Serverless:         plaintextVariable = foo
Serverless:         myPassword = mySuperSecret

Keywords

serverless plugin kmsvariables
serverless framework plugin
serverless applications
serverless plugins
api gateway
lambda

FAQs

Package last updated on 11 Jul 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character Hex Strings

Research

Security News

Malicious Koishi Chatbot Plugin Exfiltrates Messages Triggered by 8-Character Hex Strings

Malicious Koishi plugin silently exfiltrates messages with hex strings to a hardcoded QQ account, exposing secrets in chatbots across platforms.

By Kirill Boychenko  -  May 19, 2025