Storing Secrets
In general it’s recommended that you use AWS SSM to store secrets for your Serverless app. However, there are times when you need some secrets to be involved in the build process. You should avoid storing these in your serverless.yml. Seed lets you store them as secret environment variables through the Seed console.
Seed internally encrypts them using AWS KMS and stores them. They are then decrypted during the build process. And upon deployment, Seed sets them as Lambda environment variables.
You can then access them in your Node.js Lambda functions using the process.env object.
To add a secret, select the stage you are trying to set it for.
And hit Settings.
Select Show Env Variables.
Enter the Key and Value for the new secret, and click Add.
Note that the newly created secrets will take effect only after the next deployment to this stage. And these secrets will be available to all the services in your application.
Secret variables take precedence over the other stage variables defined in serverless.yml. If you were to define a secret variable, and the same variable is defined in the yaml file; the value defined in serverless.yml is overridden.
Secrets take precedence over other environment variables
This is useful when you are developing on your local where your Lambda functions are not going to have access to the secrets from the Seed console.
Secrets are available in your build process
For example, we just created a secret variable DB_PASSWORD for the production stage. The same variable is also defined in the serverless.yml.
service: service-name
provider:
name: aws
environment:
DB_PASSWORD: '1234567890'
When invoking your function on any other environment other than production, the process.env.DB_PASSWORD returns the value defined in serverless.yml. And in the case of production it returns the secret value that you had set in the Seed console.
export function main(event, context, callback) {
console.log(process.env.DB_PASSWORD);
...
}
Finally, you can access your secrets just as you would access any other environment variable in Lambda.
Help improve this page. Edit it with GitHub
Was this page helpful? Let us know via Twitter
Having trouble configuring a CI/CD pipeline for your Serverless apps? Let Seed do it for you!
Learn More