How much code does it take to feed a secret from AWS SSM into a LocalStack container — with nothing on disk and nothing committed?
This much:
const env = await Envilder.resolveFile('envilder.json');
const localstack = await new LocalstackContainer('localstack/localstack:stable')
.withEnvironment(Object.fromEntries(env))
.start();Plus one committed file that maps names to paths — paths, not values, so it's safe in Git:
{
"LOCALSTACK_AUTH_TOKEN": "/demo/localstack/auth-token"
}That's the entire integration. Envilder resolves the token from your cloud at runtime: SSM → memory → container. No .env, no export, no bash script per stack. This repo shows the same two lines in five setups.
| Folder | Stack | Run it |
|---|---|---|
typescript-testcontainers/ |
Vitest + Testcontainers | npm install && npm test |
python-testcontainers/ |
pytest + Testcontainers (uv) | uv run pytest |
dotnet-testcontainers/ |
xUnit + Testcontainers | dotnet test |
dotnet-aspire/ |
Aspire AppHost + Aspire.Hosting.Testing |
cd AppHost.Tests && dotnet test |
typescript-aspire/ |
Aspire TypeScript AppHost | npm install && npm test * |
Every test does the same three steps: resolve the token with the Envilder SDK, start LocalStack with it, and round-trip a SecureString against emulated SSM — the operation that requires a valid auth token.
Testcontainers and Aspire are alternative orchestrators; pick the folder that matches your project. (Aspire AppHosts can also orchestrate Python and JavaScript apps.)
* Needs the Aspire CLI 13.2+. The test is black-box (spawns aspire run and waits for the health endpoint) since there's no TypeScript Aspire.Hosting.Testing yet.
You need Docker, AWS credentials in ~/.aws/credentials, and a LocalStack auth token stored in your SSM. Envilder pushes it for you — also one command:
npx envilder --push --key=LOCALSTACK_AUTH_TOKEN \
--value=<your-token> --secret-path=/demo/localstack/auth-tokenUsing a named AWS profile, or keeping the token in Azure Key Vault instead of SSM? Both are a $config block in envilder.json — see providers.