npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

serverless-service-config-plugin

v1.1.3

Published

Retrieve service configs and secrets from Consul and Vault

Downloads

1,370

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

platform.chapterplatform.chapter

Keywords

Readme

serverless-service-config-plugin

Serverless Plugin to retrieve config and secrets for services in Consul and Vault

All secrets from Vault are encrypted with a KMS key by the plugin. This to prevent secrets leaking into the Cloudformation templates, which end up being readable in the AWS Console. This means they must be decrypted in code using KMS after being retrieved from environment.

Usage:

custom:
    myVaultVar: ${vault:/secrets/mysecret} # takes secret at /secrets/mysecret from Vault, KMS encrypts it, and makes it available as a custom variable
    myConsulVar: ${consul:/app.json/green/myconfig} # takes kv item from path in Consul and makes it available as a custom variable 
    service_config_plugin:
        consulAddr: https://consul.corp.domain
        consulPrefix: app_config_vars/
        vaultAddr: https://vault.corp.domain
        kmsKeyId:
            proof: 87y3gh4ei982yh3jeiou2yh2j3eorue1
            prod: 2349u23iuh2j3oiuh2j3oi2j3eo
        # Array of stages that should use environment variables instead
        # of consul to fulfill service config variables
        # the segment of the path after the last "/" will be looked for in process.envs
        localEnvVarStages:
            - local
            - test
    functions:
        calculate:
            handler: src/handlers.calculate
            environment:
                # BEWARE: This will require KMS decryption to be useable
                MY_SECRET_VAR: ${self:custom.myVaultVar}
                # This will be plaintext
                MY_CONFIG_VAR: ${self:custom.myConsulVar}
            events:
                - http:
                path: /v1/calculate
                method: post

Upgrade to plugin 1.0 / slsv3:

Serverless v3 contained some major changes to how custom variables and parameters are used, notably that arbitrary CLI parameters are no longer permitted. WealthWizards used these heavily. Thankfully they also added in params as a good alternative. When migrating a project to serverless framework v3 / v1.0 of this plugin, you will need be mindful of the following:

  • Any use of custom variables dependant on opt interpolation and custom cli vars will no longer work, e.g.
  tenant: ${opt:tenant, 'tenant'}

This should be replaced by the use of params:

  tenant: ${param:tenant}

Params can be specified on the CLI, and helpfully you can also provide per stage params in your yml alongside a default. As a simple example:

params:
  default:
    accountId: xxxx
    accountName: proof
  red:
    accountId: yyyy
    accountName: prod
  • Stage is the source of truth for your environment. Remove any redundant variables such as {opt.environment}, these should no longer be required when using params. This makes deploying personal stacks and feature branches simpler too, as params allows for having default parameter sets within YML (see above).

Aside: From what I can glean, this does mean that compiling a single artifact of code + CF template is no longer possible, as the stage and its parameters are required at package time. These are then baked into the Cloudformation template.

  • Bonus breakage: Changed interface and usage to be more direct. serviceConfig and secretConfig have been replaced by consul and vault respectively. The existing pattern of using secretConfig pointing to a Consul path, whose value contains a Vault path, has been replaced with a direct vault path.