Support for environment variables in serverless apps

arunrajkumar235 · December 11, 2020, 7:41am

Serverless apps make use of external services like Email, Scheduler, Storage, etc.
In order to use these services, it requires authentication keys to be used.
Currently, these keys are kept in code, inside the server.js file.
Sensitive info like auth keys are forced to be committed in repository.
This poses a security risk of exposing the keys (even if it is a private repository).

Request

To provide an option to store environment variables (via fdk or through Developer Console UI)

This will help separate code from configuration.

Also, it will enable developers to have different configuration for staging and production environments.

ManiDeepak_Vandrangi · December 15, 2020, 4:02am

@arunrajkumar235
Thank you for the feedback. You can always use secure iparams to store any authentication keys. We had disabled accessing environment variables for security purposes.

arunrajkumar235 · December 15, 2020, 5:50am

@ManiDeepak_Vandrangi, I’m not sure you understood me right.

iparams are used for app configuration.

Environment variables are for storing tokens used on the server side for the services that the app makes use of.

For example, the authentication for the email service, tokens for google cloud storage authentication.

The customer need not provide this information via iparams.

ManiDeepak_Vandrangi · December 15, 2020, 10:53am

I gave the above suggestion keeping custom apps in mind. True that we don’t have a way of having secure keys via environment variables.