Skip to content

FAQ

Jump to bottom
Joseph Lee Hunsaker edited this page Mar 14, 2018 · 4 revisions

Question:

How do I use KMS encrypted environment variables?

Answer:

Create a package.json with the following variables static values:

{
    "env": {
        "DBPassword_kms": "yourEncryptedPasswordHere",
        "DBUsername": "yourDatabaseUsername"
    }   
}

For calculated or dynamic values

For deployment: package.json with the following variables:

{
    "env": {
        "DBPassword_kms": "${cloudformationPasswordParameter}",
        "DBUsername": "${cloudformationUsername}"
    }   
}

For testing locally: bot_dir/test/process.json:

{
    "env": {
        "DBPassword_kms": "yourEncryptedPasswordHere",
        "DBUsername": "yourDatabaseUsername"
    }   
}

Use the variables

To use the value in your Lambda function:

exports.handler = function(event, context, callback) {
    console.log("Username:", process.env.DBUsername);
    console.log("Decrypted value:", process.env.DBPassword_kms);
    callback();
}

Clone this wiki locally