Doppler JSON format for AWS SAM CLI

Hi, We want to download doppler secrets through the cli in a json file in a specific format -
“Parameters”: {
“TABLE_NAME”: “localtable”,
“BUCKET_NAME”: “testBucket”,
“STAGE”: “dev”

The use case is to send env variables to the AWS SAM cli - sam local start-api --template samtemplate.yml --env-vars env.json
Additionally is there any way to use a standard format .env file to get the CLI working?
We tried doppler run -- sam local start-api --template samtemplate.yml with no success.

Reference - Invoking functions locally - AWS Serverless Application Model

Hey @Rnjai_Lamba and welcome to the Doppler community!

As long as you have all of the Doppler secrets listed in the Environment.Variables section of your SAM template, then doppler run -- sam local start-api will work. For example:

    Type: AWS::Serverless::Function
          # Every other secret here

If for whatever reason you’d like to use the --env-vars option instead, you can achieve this using:

sam local start-api --env-vars <(echo "{\"Parameters\":$(doppler secrets download --no-file --format json)}")

Let me know how you go!

Hi Ryan, thanks a lot for the guidance.
Since our environment variables will keep on changing while we manage them on Doppler, how should we ensure our SAM template gets these secrets listed in the Environment.Variables section?

This is a good question!

After a bit of experimentation, I think a better (although slightly more complex) solution is to have a script that renders a deployment template with populated environment variables that will be used as a custom template provided to the SAM CLI using the --template option.

The workflow would essentially be this:

  1. Create deployment template file populated with environment variables form Doppler
  2. Execute SAM CLI command (e.g sam local start-api --template template-deploy.yaml)
  3. Remove template-deploy.yaml

An example of a template generator in the wild is Kubernetes kustomize.

This means you’ll never have to worry about the list of secrets getting out of sync, and takes care of setting the environment variables for deployment.

Check out this GitHub Gist for an implementation starting point and keen to get your feedback.

1 Like