How to deal with environment variables, source control & serverless.yml

buggy · July 10, 2017, 11:53am

The long version - Read this Keeping secrets out of Git

The short version -

Create a secrets.yml that looks something like

default: &default
  <<: *default
  COMMON_API_KEY: "AN API KEY COMMON TO ALL ENVIRONMENTS"
  COMMON_API_SECRET: "AN API KEY COMMON TO ALL ENVIRONMENTS"

dev:
  <<: *default
  API_KEY: "YOUR DEVELOPMENT API KEY"
  API_SECRET: "YOUR DEVELOPMENT API SECRET"

stage:
  <<: *default
  API_KEY: "YOUR STAGING API KEY"
  API_SECRET: "YOUR STAGING API SECRET"

prod:
  <<: *default
  API_KEY: "YOUR PRODUCTION API KEY"
  API_SECRET: "YOUR PRODUCTION API SECRET"

Add secrets.yml to your .gitignore

Put this into your serverless.yml

custom:
  stage: ${opt:stage, self:provider.stage}
  secrets: ${file(secrets.yml):${self:custom.stage}}

Then reference the secrets like ${self:custom.secrets.API_KEY} etc…

Topic		Replies	Views
How to make serverless not changing the value of environment variable? Serverless Framework	5	3237	November 6, 2018
Managing secrets in Serverless beta Serverless Framework	3	1521	May 12, 2017
Where should i store my api_key and other sensitive data in a serverless project Serverless Framework	2	1219	September 27, 2018
Storing env.yml in repo for bitbucket pipeline Serverless Framework	2	1244	March 20, 2019
How to set environment variables in beta? Serverless Framework	3	1836	August 22, 2016

How to deal with environment variables, source control & serverless.yml

Related topics