# `cdk-secret-manager-wrapper-layer`
that Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.
> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)
## Updates
**2025-03-02: v2.1.0**
* Added architecture parameter support for Lambda Layer
* Updated Python runtime from 3.9 to 3.13
* Fixed handler name in example code
* Improved layer initialization and referencing patterns
* Enhanced compatibility with AWS Lambda ARM64 architecture
## Example
```python
import { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';
import { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';
import { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';
import { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';
import { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';
const env = {
region: process.env.CDK_DEFAULT_REGION,
account: process.env.CDK_DEFAULT_ACCOUNT,
};
const app = new App();
const stack = new Stack(app, 'testing-stack', { env });
/**
* Example create an Secret for testing.
*/
const secret = new CfnSecret(stack, 'MySecret', {
secretString: JSON.stringify({
KEY1: 'VALUE1',
KEY2: 'VALUE2',
KEY3: 'VALUE3',
}),
});
const lambdaArchitecture = Architecture.X86_64;
const layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {
lambdaArchitecture,
});
const lambda = new Function(stack, 'fn', {
runtime: Runtime.PYTHON_3_13,
code: Code.fromInline(`
import os
def handler(events, contexts):
env = {}
env['KEY1'] = os.environ.get('KEY1', 'Not Found')
env['KEY2'] = os.environ.get('KEY2', 'Not Found')
env['KEY3'] = os.environ.get('KEY3', 'Not Found')
return env
`),
handler: 'index.handler',
layers: [layer.layerVersion],
timeout: Duration.minutes(1),
/**
* you need to define this 4 environment various.
*/
environment: {
AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',
SECRET_REGION: stack.region,
SECRET_ARN: secret.ref,
API_TIMEOUT: '5000',
},
architecture: lambdaArchitecture,
});
/**
* Add Permission for lambda get secret value from secret manager.
*/
lambda.role!.addToPrincipalPolicy(
new PolicyStatement({
effect: Effect.ALLOW,
actions: ['secretsmanager:GetSecretValue'],
// Also you can use find from context.
resources: [secret.ref],
}),
);
/**
* For Testing.
*/
const FnUrl = lambda.addFunctionUrl({
authType: FunctionUrlAuthType.NONE,
});
new CfnOutput(stack, 'FnUrl', {
value: FnUrl.url,
});
```
## Testing
```bash
# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/
curl ${FnUrl}
{"KEY2":"VALUE2","KEY1":"VALUE1","KEY3":"VALUE3"}
```
Raw data
{
"_id": null,
"home_page": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"name": "cdk-secret-manager-wrapper-layer",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.9",
"maintainer_email": null,
"keywords": null,
"author": "Neil Kuan<guan840912@gmail.com>",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/e3/ce/2e7aceb43c6890b25bce81826704f355f82e9694c6df6ee048471c994ecf/cdk_secret_manager_wrapper_layer-2.1.145.tar.gz",
"platform": null,
"description": "# `cdk-secret-manager-wrapper-layer`\n\nthat Lambda layer uses a wrapper script to fetch information from Secrets Manager and create environmental variables.\n\n> idea from [source](https://github.com/aws-samples/aws-lambda-environmental-variables-from-aws-secrets-manager)\n\n## Updates\n\n**2025-03-02: v2.1.0**\n\n* Added architecture parameter support for Lambda Layer\n* Updated Python runtime from 3.9 to 3.13\n* Fixed handler name in example code\n* Improved layer initialization and referencing patterns\n* Enhanced compatibility with AWS Lambda ARM64 architecture\n\n## Example\n\n```python\nimport { App, Stack, CfnOutput, Duration } from 'aws-cdk-lib';\nimport { Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam';\nimport { Function, Runtime, Code, FunctionUrlAuthType, Architecture } from 'aws-cdk-lib/aws-lambda';\nimport { CfnSecret } from 'aws-cdk-lib/aws-secretsmanager';\nimport { SecretManagerWrapperLayer } from 'cdk-secret-manager-wrapper-layer';\nconst env = {\n region: process.env.CDK_DEFAULT_REGION,\n account: process.env.CDK_DEFAULT_ACCOUNT,\n};\nconst app = new App();\nconst stack = new Stack(app, 'testing-stack', { env });\n\n/**\n * Example create an Secret for testing.\n */\nconst secret = new CfnSecret(stack, 'MySecret', {\n secretString: JSON.stringify({\n KEY1: 'VALUE1',\n KEY2: 'VALUE2',\n KEY3: 'VALUE3',\n }),\n});\n\nconst lambdaArchitecture = Architecture.X86_64;\n\nconst layer = new SecretManagerWrapperLayer(stack, 'SecretManagerWrapperLayer', {\n lambdaArchitecture,\n});\n\nconst lambda = new Function(stack, 'fn', {\n runtime: Runtime.PYTHON_3_13,\n code: Code.fromInline(`\nimport os\ndef handler(events, contexts):\n env = {}\n env['KEY1'] = os.environ.get('KEY1', 'Not Found')\n env['KEY2'] = os.environ.get('KEY2', 'Not Found')\n env['KEY3'] = os.environ.get('KEY3', 'Not Found')\n return env\n `),\n handler: 'index.handler',\n layers: [layer.layerVersion],\n timeout: Duration.minutes(1),\n /**\n * you need to define this 4 environment various.\n */\n environment: {\n AWS_LAMBDA_EXEC_WRAPPER: '/opt/get-secrets-layer',\n SECRET_REGION: stack.region,\n SECRET_ARN: secret.ref,\n API_TIMEOUT: '5000',\n },\n architecture: lambdaArchitecture,\n});\n\n/**\n * Add Permission for lambda get secret value from secret manager.\n */\nlambda.role!.addToPrincipalPolicy(\n new PolicyStatement({\n effect: Effect.ALLOW,\n actions: ['secretsmanager:GetSecretValue'],\n // Also you can use find from context.\n resources: [secret.ref],\n }),\n);\n\n/**\n * For Testing.\n */\nconst FnUrl = lambda.addFunctionUrl({\n authType: FunctionUrlAuthType.NONE,\n});\n\nnew CfnOutput(stack, 'FnUrl', {\n value: FnUrl.url,\n});\n```\n\n## Testing\n\n```bash\n# ex: curl https://sdfghjklertyuioxcvbnmghj.lambda-url.us-east-1.on.aws/\ncurl ${FnUrl}\n{\"KEY2\":\"VALUE2\",\"KEY1\":\"VALUE1\",\"KEY3\":\"VALUE3\"}\n```\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "cdk-secret-manager-wrapper-layer",
"version": "2.1.145",
"project_urls": {
"Homepage": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git",
"Source": "https://github.com/neilkuan/cdk-secret-manager-wrapper-layer.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "98d23846b8b1aed071e288b51952d64a733c2592d9350578b1c3dc5ff94bb402",
"md5": "cfc1add62f760dd2104e322451520e7e",
"sha256": "2ad0ce080a850b930860fc4eb3cac4d19a773c5e0409d4548711302921c661ce"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.145-py3-none-any.whl",
"has_sig": false,
"md5_digest": "cfc1add62f760dd2104e322451520e7e",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.9",
"size": 41466,
"upload_time": "2025-09-02T00:34:45",
"upload_time_iso_8601": "2025-09-02T00:34:45.613794Z",
"url": "https://files.pythonhosted.org/packages/98/d2/3846b8b1aed071e288b51952d64a733c2592d9350578b1c3dc5ff94bb402/cdk_secret_manager_wrapper_layer-2.1.145-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "e3ce2e7aceb43c6890b25bce81826704f355f82e9694c6df6ee048471c994ecf",
"md5": "c02c9aa2a275fb9d5d2bbd182cf9b71a",
"sha256": "9f0cffa73798b0444dd3cbd6924548fcf31b4d339d9fa985a33481381a91a575"
},
"downloads": -1,
"filename": "cdk_secret_manager_wrapper_layer-2.1.145.tar.gz",
"has_sig": false,
"md5_digest": "c02c9aa2a275fb9d5d2bbd182cf9b71a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.9",
"size": 42358,
"upload_time": "2025-09-02T00:34:48",
"upload_time_iso_8601": "2025-09-02T00:34:48.255364Z",
"url": "https://files.pythonhosted.org/packages/e3/ce/2e7aceb43c6890b25bce81826704f355f82e9694c6df6ee048471c994ecf/cdk_secret_manager_wrapper_layer-2.1.145.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-09-02 00:34:48",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "neilkuan",
"github_project": "cdk-secret-manager-wrapper-layer",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdk-secret-manager-wrapper-layer"
}
JSON
