Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

serverless-plugin-kmsvariables

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

serverless-plugin-kmsvariables

Serverless Plugin to use KMS for variables

latest
Source
npmnpm
Version
1.3.0
Version published
Weekly downloads
4
100%
Maintainers
1
Weekly downloads
 
Created
Source

Serverless Plugin KMSVariables

NPM

This Plugin adds KMS Support to the Variables of Serverless.

Note: This plugin supports Serverless 0.5.*

Installation

cd projectfolder
npm install serverless-plugin-kmsvariables
  • add the plugin to your s-project.json file
  • add configuration for KMS to your s-project file
"custom": {
    "kmsVariables": {
      "key_arn": "arn:aws:kms:<region>:<accountid>:key/<keyid>"
    }
},
"plugins": [
    "serverless-plugin-kmsvariables"
]

Run the Plugin

  • the plugin uses a hook that is called in turn of the underlying Serverless VariableSet/VariableList actions.
  • the plugin uses a hook that is called before functionRun and functionDeploy calls, where the variables are decrypted using KMS.

Example usage

Set a normal variable

serverless variables set -s <stage> -r <region> -t <type> -k <key> -v <value>

Output:

$ serverless variables set -s dev -r us-east-1 -t region -k plaintextVariable -v foo
Serverless: Not encrypting variable  
Serverless: Successfully set variable: plaintextVariable

Set an encrypted variable

Command:

serverless variables set -s <stage> -r <region> -t <type> -k <key> -v <value> -e

Ouput:

$ serverless variables set -s dev -r us-east-1 -t region -k myPassword -v mySuperSecret -e
Serverless: Calling AWS KMS to encrypt variable  
Serverless: Successfully set variable: myPassword

List variables (without decryption)

serverless variables list -s <stage> -r <region>

Output:

Serverless: common:  
Serverless: project = ceng-lambda-nsox  
Serverless:     dev:  
Serverless:     stage = dev  
Serverless:     foo-stage = bar1  
Serverless:         us-east-1:  
Serverless:         region = us-east-1  
Serverless:         resourcesStackName = example  
Serverless:         iamRoleArnLambda = arn:aws:iam::<accountid>:role/<rolename> 
Serverless:         plaintextVariable = foo
Serverless:         myPassword = *******

List variables (with decryption)

serverless variables list -s <stage> -r <region> -d

Output:

Serverless: common:  
Serverless: project = ceng-lambda-nsox  
Serverless:     dev:  
Serverless:     stage = dev  
Serverless:     foo-stage = bar1  
Serverless:         us-east-1:  
Serverless:         region = us-east-1  
Serverless:         resourcesStackName = example  
Serverless:         iamRoleArnLambda = arn:aws:iam::<accountid>:role/<rolename>
Serverless:         plaintextVariable = foo
Serverless:         myPassword = mySuperSecret

Keywords

serverless plugin kmsvariables
serverless framework plugin
serverless applications
serverless plugins
api gateway
lambda

FAQs

Package last updated on 11 Jul 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Research

/

Security News

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

By Kush Pandya  -  Nov 06, 2025