Enhance DD_API_KEY_SECRET_ARN description with JSON support#36515
Open
litianningdatadog wants to merge 2 commits intomasterfrom
Open
Enhance DD_API_KEY_SECRET_ARN description with JSON support#36515litianningdatadog wants to merge 2 commits intomasterfrom
litianningdatadog wants to merge 2 commits intomasterfrom
Conversation
Updated the description for the DD_API_KEY_SECRET_ARN environment variable to include JSON extraction details starting from version 96.
💡 Codex Review Update setup pages that still reject JSON secrets
When this new v96 behavior is published here, users following the primary Lambda setup pages still get the opposite instruction: a repo-wide search shows ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
duncanista
approved these changes
May 6, 2026
Contributor
duncanista
left a comment
duncanista
left a comment
There was a problem hiding this comment.
approving from serverless, lets wait on docs to approve
estherk15
approved these changes
May 6, 2026
| | `DD_API_KEY` | The environment variable with your Datadog API key, in plaintext. **One** key environment variable is required. See [serverless CLI environment variables][7]. | | ||
| | `DD_KMS_API_KEY` | The environment variable with your Datadog API key, using KMS. **One** key environment variable is required. See [serverless CLI environment variables][7]. | | ||
| | `DD_API_KEY_SECRET_ARN` | The environment variable with your Datadog API key, using an AWS Secrets Manager secret. **One** key environment variable is required. See [serverless CLI environment variables][7]. | | ||
| | `DD_API_KEY_SECRET_ARN` | The environment variable with your Datadog API key, using an AWS Secrets Manager secret. **One** key environment variable is required. Starting v96, we can now extract the API key from a JSON-formatted Secrets Manager secret. If the secret value is a JSON object containing the field `dd_api_key` (hardcoded, not configurable), its value is used as the API key; otherwise the raw secret string is used as before. See [serverless CLI environment variables][7]. | |
Contributor
There was a problem hiding this comment.
Suggested change
| | `DD_API_KEY_SECRET_ARN` | The environment variable with your Datadog API key, using an AWS Secrets Manager secret. **One** key environment variable is required. Starting v96, we can now extract the API key from a JSON-formatted Secrets Manager secret. If the secret value is a JSON object containing the field `dd_api_key` (hardcoded, not configurable), its value is used as the API key; otherwise the raw secret string is used as before. See [serverless CLI environment variables][7]. | | |
| | `DD_API_KEY_SECRET_ARN` | The environment variable with your Datadog API key, using an AWS Secrets Manager secret. **One** key environment variable is required. Starting with version 96, you can extract the API key from a JSON-formatted Secrets Manager secret. If the secret value is a JSON object containing the field `dd_api_key` (hardcoded, not configurable), its value is used as the API key; otherwise the raw secret string is used as the API key. See [Serverless CLI environment variables][7]. | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do? What is the motivation?
Merge instructions
Merge readiness:
For Datadog employees:
Your branch name MUST follow the
<name>/<description>convention and include the forward slash (/). Without this format, your pull request will not pass CI, the GitLab pipeline will not run, and you won't get a branch preview. Getting a branch preview makes it easier for us to check any issues with your PR, such as broken links.If your branch doesn't follow this format, rename it or create a new branch and PR.
[6/5/2025] Merge queue has been disabled on the documentation repo. If you have write access to the repo, the PR has been reviewed by a Documentation team member, and all of the required checks have passed, you can use the Squash and Merge button to merge the PR. If you don't have write access, or you need help, reach out in the #documentation channel in Slack.
AI assistance
Additional notes