
We have an AWS Lambda function using the Serverless Framework. We are seeing weird behavior: when the Bitbucket pipeline is running, all instances of the word "admin" are being replaced by "$ARTIFACTORY_USER". When we try to echo variables in the pipeline, we get this output: [image]

Is "admin" a reserved keyword in Lambda? What are the possible causes of this? This is the command we are using: `npm i && sls deploy --region ca-central-1 --stage dev`

Below are the Serverless plugins we are using:

  • serverless-iam-roles-per-function
  • serverless-dotenv-plugin
  • serverless-add-api-key
  • serverless-domain-manager
  • serverless-certificate-creator

We tried to run the same code in a different pipeline, which doesn't contain the word "admin" anywhere in the serverless.yml, and it's working there.

We need confirmation whether "admin" is a reserved keyword in the Serverless Framework. We have admin in the domain URL as well; if it's a reserved keyword, how can we still use it in the domain name?

  • It's not a reserved word in Serverless Framework, did you try to deploy the same service via a different CI solution or from a local environment? – pgrzesik Aug 09 '23 at 16:49
  • Yes, we tried, and it worked there surprisingly, the only difference in that pipeline is there ain't any "admin" word – alpesh yadav Aug 10 '23 at 05:03
  • Can you try running the one with the `admin` word in this different pipeline or locally? – pgrzesik Aug 10 '23 at 14:43
  • Tried in a new repo with this different pipeline, `admin` is getting transformed to `$ARTIFACTORY_USER`, but if I change `admin` to any other word like `admn`, it's working – alpesh yadav Aug 10 '23 at 15:34

1 Answer

That is because the `ARTIFACTORY_USER` variable evals to "admin" and it is configured as a secret.

See https://stackoverflow.com/a/73680633/11715259

Note that now everyone on the internet knows your secret. If that was truly a secret for you, you should rotate that value ASAP.

You should avoid such weak secrets. Using dictionary words that can legitimately show up in the logs will cause this security feature to expose the value of your secret so that it could be inferred even if it was never deliberately printed.

N1ngu
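How the masking described in this answer turns an ordinary word into `$ARTIFACTORY_USER`, together with a pre-deploy check for secured variables whose values collide with project text. This is an added example, not code from the original post or from Bitbucket: `mask_log` is a simplified model of the log masking, and the variable values, the `serverless.yml` fragment and the 12-character threshold are constructed assumptions.

```python
def mask_log(line, secrets):
    """Simplified model of CI log masking: every occurrence of a secured
    variable's value is replaced by $NAME (longest values first)."""
    for name, value in sorted(secrets.items(), key=lambda kv: -len(kv[1])):
        if value:
            line = line.replace(value, "$" + name)
    return line


def colliding_secrets(secrets, project_text, min_len=12):
    """Flag secured variables that masking would expose.

    A value is flagged when it is shorter than min_len (assumed threshold)
    or when it already occurs in ordinary project text, because the masked
    log then shows exactly which known word the secret equals.
    """
    findings = {}
    for name, value in secrets.items():
        reasons = []
        if len(value) < min_len:
            reasons.append("short")
        if value and value in project_text:
            reasons.append("appears in project text")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample data (not taken from the question's repository).
SECRETS = {
    "ARTIFACTORY_USER": "admin",
    "ARTIFACTORY_TOKEN": "constructed-9f3kQ2xVb7LmT0",
}
SERVERLESS_YML = (
    "custom:\n"
    "  customDomain:\n"
    "    domainName: admin.example.com\n"
)

if __name__ == "__main__":
    # The domain name is not a secret, yet masking rewrites it in the log.
    print(mask_log("Creating domain admin.example.com", SECRETS))
    # Run before deploy; a non-empty result means a value should be rotated
    # to something long and random, or the variable should not be secured.
    for name, reasons in colliding_secrets(SECRETS, SERVERLESS_YML).items():
        print(f"{name}: {', '.join(reasons)}")
```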