Although this solves our use case of developing with Amplify, loading your environment variables from a secret store is a great way to conveniently manage all your environments from one place.
When working with NodeJS applications, using
.env is the go-to method for storing environment variables however it starts to fall down with Amplify when you have multiple lambda functions that all need a common environment, and even more so if you want to quickly switch between Amplify backend environments.
Storing your environment variables within AWS Secrets Manager is a great way to setup your backend environments once and not have to worry about it again, it also gives the added bonus of not having your secrets easily readable within the AWS Lambda console.
Let’s get started by first creating a JSON file containing the required environment variables. You can create as many environments as you like, we recommend using one environment per developer with the addition of staging and production.
Alternatively, you could create an environment per feature branch but this didn’t work for us. See more about teams environments. Note, this can also be done through the AWS console.
Create the file
Then push the variables to AWS Secrets Manager.
We like to use a naming convention to cover:
Which ends up like this:
We might end up with the following secret names:
The environment names above need to exactly match your Amplify environments, these can be added with the following.
We now need to create a helper file which will be used by each of our Lambda functions. By default Lambda will give us the region (
process.env.REGION) and Amplify environment name (
process.env.ENV). View as a Gist.
This function will do the following:
The next step is to call this code everytime your application starts. Keep in mind that this will cost $0.05/10,000 calls, if this starts to get expensive or if it adds too much latency you can always introduce Redis.
In your main function, call
setSecretEnvs as early as you can.
You will now find that
process.env contains all the variables from the JSON file you imported earier.
If you want to switch to a new local Amplify environment, all you need to do is run the following and the correct secrets store will be used automatically.
This worked for us to solve the problem of managing environment variables across multiple functions/developers in a set and forget fashion, it also helped to centralise and secure the variable values as an added bonus which is actually very convenient.
If you’re not using AWS, it wouldn’t be difficult to adapt the above code to work with other providers.