encrypt environment variables using a KMS key

[rdtr]

Hi,

Thanks you for providing the great tool to relieve the pain in python lambda function deployment!

From AWS console, we can easily encrypt environment variables using KMS so that all variables are masked like *****.

Can we do the same thing on function deployment using lamvery? I read the doc but I could only find lamvery.secret.get('foo') to embed secret info to lambda function.

I guess we need to add something like

        kms_key_arn = conf.get('kms_key_arn')
        if kms_key_arn is not None:
            kwargs['KMSKeyArn'] = kms_key_ar

in def create_function but still don't fully figure it out.

[marcy-terui]

Hi,

Thank you for your impressions that makes me happy ✨

It's exactly as you say.
Environment variables are already supported. But, we can not specify the KMS key used to encrypt the function's environment variables.

I think I will implement the feature in the near future.
If you hurry, I welcome a pull request :-)

[rdtr]

Sorry for the late reply.

I tried but just assigning KMSKeyArn seems not to be sufficient, environment variables were not encrypted. I tried calling kms API through boto3 in advance and set encrypted values to environment variables but then encrypted strings just shown on console, not masked...

I will look into it deeper when I have chance, but since it's not urgent for me, if you can implement it in future release that's fine for me 👍

Arigato Gozaimasu!