Skip to content

Latest commit

 

History

History
55 lines (37 loc) · 2.84 KB

File metadata and controls

55 lines (37 loc) · 2.84 KB

Envilder Examples

How much code does it take to feed a secret from AWS SSM into a LocalStack container — with nothing on disk and nothing committed?

This much:

const env = await Envilder.resolveFile('envilder.json');

const localstack = await new LocalstackContainer('localstack/localstack:stable')
  .withEnvironment(Object.fromEntries(env))
  .start();

Plus one committed file that maps names to paths — paths, not values, so it's safe in Git:

{
  "LOCALSTACK_AUTH_TOKEN": "/demo/localstack/auth-token"
}

That's the entire integration. Envilder resolves the token from your cloud at runtime: SSM → memory → container. No .env, no export, no bash script per stack. This repo shows the same two lines in five setups.

The examples

Folder Stack Run it
typescript-testcontainers/ Vitest + Testcontainers npm install && npm test
python-testcontainers/ pytest + Testcontainers (uv) uv run pytest
dotnet-testcontainers/ xUnit + Testcontainers dotnet test
dotnet-aspire/ Aspire AppHost + Aspire.Hosting.Testing cd AppHost.Tests && dotnet test
typescript-aspire/ Aspire TypeScript AppHost npm install && npm test *

Every test does the same three steps: resolve the token with the Envilder SDK, start LocalStack with it, and round-trip a SecureString against emulated SSM — the operation that requires a valid auth token.

Testcontainers and Aspire are alternative orchestrators; pick the folder that matches your project. (Aspire AppHosts can also orchestrate Python and JavaScript apps.)

* Needs the Aspire CLI 13.2+. The test is black-box (spawns aspire run and waits for the health endpoint) since there's no TypeScript Aspire.Hosting.Testing yet.

Before you run (once)

You need Docker, AWS credentials in ~/.aws/credentials, and a LocalStack auth token stored in your SSM. Envilder pushes it for you — also one command:

npx envilder --push --key=LOCALSTACK_AUTH_TOKEN \
  --value=<your-token> --secret-path=/demo/localstack/auth-token

Using a named AWS profile, or keeping the token in Azure Key Vault instead of SSM? Both are a $config block in envilder.json — see providers.

Links