Support for environment variables in serverless apps

  • Serverless apps make use of external services like Email, Scheduler, Storage, etc.
  • In order to use these services, it requires authentication keys to be used.
  • Currently, these keys are kept in code, inside the server.js file.
  • Sensitive info like auth keys are forced to be committed in repository.
  • This poses a security risk of exposing the keys (even if it is a private repository).

Request

  • To provide an option to store environment variables (via fdk or through Developer Console UI)

This will help separate code from configuration.

Also, it will enable developers to have different configuration for staging and production environments.

@arunrajkumar235
Thank you for the feedback. You can always use secure iparams to store any authentication keys. We had disabled accessing environment variables for security purposes.

@ManiDeepak_Vandrangi, I’m not sure you understood me right.

iparams are used for app configuration.

Environment variables are for storing tokens used on the server side for the services that the app makes use of.

For example, the authentication for the email service, tokens for google cloud storage authentication.

The customer need not provide this information via iparams.

I gave the above suggestion keeping custom apps in mind. True that we don’t have a way of having secure keys via environment variables.