From 12a94f8206cf157a9ac73a0139dee1f2df13b939 Mon Sep 17 00:00:00 2001 From: ykethan Date: Mon, 23 Dec 2024 15:21:17 -0500 Subject: [PATCH 1/2] add callout for branch env variables --- .../fullstack-branching/secrets-and-vars/index.mdx | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx b/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx index 22e69890839..00f19dcacb0 100644 --- a/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx +++ b/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx @@ -136,6 +136,13 @@ build: - npm run build ``` + + +Note: do not store secret values in environment variables. Environment variables values are rendered in plaintext to the build artifacts and can be accessed by anyone with access to the build artifacts or [get-app](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/amplify/get-app.html) command. + + + + With the implementation above, the environment variable is written in a `.env` file. However, you can write it to any file depending on your platform. From bdaf55fca6cd2607cea4fd3c3e8b1e882538003d Mon Sep 17 00:00:00 2001 From: ykethan Date: Tue, 24 Dec 2024 14:25:12 -0500 Subject: [PATCH 2/2] update callout location --- .../fullstack-branching/secrets-and-vars/index.mdx | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx b/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx index 00f19dcacb0..0d9ff02def4 100644 --- a/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx +++ b/src/pages/[platform]/deploy-and-host/fullstack-branching/secrets-and-vars/index.mdx @@ -112,6 +112,12 @@ npx ampx sandbox secret remove foo ## Set environment variables + + +Note: do not store secret values in environment variables. Environment variables values are rendered in plaintext to the build artifacts and can be accessed by anyone with access to the build artifacts or [get-app](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/amplify/get-app.html) command. + + + Environment variables work like key-value pairs to help manage configurable settings across different deployment environments, including development, staging, and production. Unlike secrets, which store sensitive data, environment variables are typically nonconfidential and are used for controlling application behavior in different environments. Another key difference is that environment variables are stored and managed by the Amplify managed service. You can set environment variables in the Amplify console (view the [AWS Amplify Hosting User Guide](https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html#setting-env-vars) for detailed instructions).