Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to resolve secrets when running sam local invoke. #2987

Closed
devpresleycobb opened this issue Jun 26, 2021 · 3 comments
Closed

Unable to resolve secrets when running sam local invoke. #2987

devpresleycobb opened this issue Jun 26, 2021 · 3 comments
Labels
area/local/invoke sam local invoke command

Comments

@devpresleycobb
Copy link

Description:

When running sam local invoke if you are resolving secrets from secrets manager you do not get the secret you get the string placed in the template.yaml. When the function is deployed the string is resolved to it's actual secret value. Preferably invoking locally would give me the secret value im looking for.

Steps to reproduce:

  1. Create a secret in secrets manager
  2. Add said secret to your template.yaml like this for example: WSS_ENDPOINT: '{{resolve:secretsmanager:prod/wss/api:SecretString:endpoint}}'
  3. Make sure to attempt to print out the environment variable.
  4. run sam local invoke.

Observed result:

The print statement shows '{{resolve:secretsmanager:prod/wss/api:SecretString:endpoint}}'

Expected result:

The print statement should show wss://ldjslf382.execute-api.us-west-2.amazonaws.com/production

Additional environment details (Ex: Windows, Mac, Amazon Linux etc)

  1. Windows:
  2. SAM CLI, version 1.24.0:
  3. AWS region: us-east-1

Add --debug flag to command you are running

@qingchm qingchm added the area/local/invoke sam local invoke command label Jun 28, 2021
@CoshUS
Copy link
Contributor

CoshUS commented Sep 24, 2021

Hey @devpresleycobb,
Thanks for the feedback. SAM CLI does not resolve remote resources for local invoke and adding support for each individual use case would be unmanageable. However, we are working on facilitating testing your project directly in the cloud with extremely fast local to remote syncs.
We would love to hear your opinion in our RFC for this new project: #3264

@CoshUS CoshUS added the blocked/close-if-inactive Blocked for >14 days with no response, will be closed if still inactive after 7 days label Sep 24, 2021
@CoshUS CoshUS closed this as completed Sep 24, 2021
@CoshUS CoshUS removed the blocked/close-if-inactive Blocked for >14 days with no response, will be closed if still inactive after 7 days label Sep 24, 2021
@github-actions
Copy link
Contributor

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

@dgard1981
Copy link

I've just come across this issue and it's a real shame that the attitude seems to be "it's hard so we won't even bother trying." 👎

Hopefully AWS will reconsider in the future.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/local/invoke sam local invoke command
Projects
None yet
Development

No branches or pull requests

4 participants