aws / aws-lambda-python-runtime-interface-client

Apache License 2.0

Adding the ability to use Secrets Manager secrets as Environment Variables #53

Open jackcasey-visier opened 3 years ago

jackcasey-visier commented 3 years ago

Hello!

I'm opening this issue to put out feelers on whether anyone would be interested in this sort of functionality.

In summary, the use case that I'm approaching is that we have a function that uses secrets from Secrets Manager. Right now, to get this working, we have boto3 make a call to Secrets Manager every time it's needed. This also introduces a bit of overhead for local testing, as in our workflows those secrets are supplied as environment variables locally. Additional logic is needed to make the same image work in both places.

What I'm imagining is that upon the first Lambda startup, the runtime would fetch the secrets from Secrets Manager and "mount" them as environment variables. That way, in application code no additional context-aware logic is required. The application logic would simply pull that value from environment variables without the need to "know" where it's coming from.

Any feedback is greatly appreciated! If there is interest, I'd be happy to put together a POC 😄

Thanks!
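
The behaviour proposed in the issue above, sketched in application code rather than in the runtime (an added example, not code from the issue author or from aws-lambda-python-runtime-interface-client). `load_secrets_into_env`, `SECRET_ENV_MAP`, the secret id and `FakeSecretsManager` are hypothetical names and constructed values; `get_secret_value` is the real boto3 Secrets Manager call.

```python
import os

# Hypothetical mapping (constructed): environment variable name -> secret id.
SECRET_ENV_MAP = {"DB_PASSWORD": "example/app/db-password"}


def load_secrets_into_env(mapping, client=None, environ=None):
    """Populate missing environment variables from Secrets Manager.

    Returns the names that were fetched; values are never returned or logged.
    """
    environ = os.environ if environ is None else environ
    fetched = []
    for env_name, secret_id in mapping.items():
        if env_name in environ:
            continue  # supplied locally (or by an earlier load): no AWS call
        if client is None:
            import boto3  # lazy: only needed when something is actually missing
            client = boto3.client("secretsmanager")
        response = client.get_secret_value(SecretId=secret_id)
        if "SecretString" not in response:
            raise ValueError(f"{secret_id}: only string secrets can become env vars")
        environ[env_name] = response["SecretString"]
        fetched.append(env_name)
    return fetched


class FakeSecretsManager:
    """Constructed stand-in for the boto3 client so the example runs offline."""

    def __init__(self, secrets):
        self.secrets = secrets
        self.calls = []

    def get_secret_value(self, SecretId):
        self.calls.append(SecretId)
        return {"SecretString": self.secrets[SecretId]}


def handler(event, context, environ=os.environ):
    # Application code reads the variable without knowing where it came from.
    return {"has_password": bool(environ.get("DB_PASSWORD"))}


if __name__ == "__main__":
    fake = FakeSecretsManager({"example/app/db-password": "constructed-value"})
    env = {}
    # In Lambda this call would sit at module scope so it runs once per cold start.
    print(load_secrets_into_env(SECRET_ENV_MAP, client=fake, environ=env))
    print(handler({}, None, environ=env))
```

Values placed in `os.environ` are inherited by any subprocess the function starts, so the mapping is best limited to what the handler itself needs.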