Use environment variables in an AWS Lambda function

Tomasz Łakomy
InstructorTomasz Łakomy
Share this video with your friends

Social Share Links

Send Tweet
Published 5 years ago
Updated 4 years ago

Secrets are meant to be... well, secret.

We should do whatever we can not to expose important secure keys (like database passwords) to the outside world.

As such, hardcoding passwords inside of your source code is a terrible idea.

Luckily, with AWS Lambda we can avoid that - in this quick lesson we're going to learn how we can use environment variables in order to pass in a password to a lambda function without potentially exposing it to the world.

Instructor: [0:00] We have a new Lambda function where we want to be able to use the super secure database password in order to log in to the database. Right now, if I were to run this function using the test trigger, we're going to see this super secure database password logged in over here.

[0:14] For the record, do not do that. Do not log out your password. This is for educational purposes only. Nevertheless, we should not have code our passwords like this inside of the source code. Instead, they do belong in environment variables.

[0:27] With AWS Lambda, we are able to define our environment variables over here. I can set the key to be DB_PASSWORD, and I am going to copy and paste the value over here. Right now, instead of using this hard-coded password, I can do process.env.DB_PASSWORD.

[0:47] If I save this function and trigger it again, we're going to see the same password logged out to the logs, but it's not going to be defined strictly in the code because we've defined it as an environment variable over here.