Environment Variables
Date: 2023-09-14
Status: proposed
Context
Applications should be configurable by environment variables. This a recommendation of 12 factor apps. This could be either config files provided per environment or environment variables or a mix of these.
This allows to deploy the same software artifact within different environments as well as removes hardcoded credentials from the sources.
Decision
To support this the remix-stack hands over all environment variables and secrets
which are prefixed with APP_ while a deployment is running to the lambda
function in the created stack.
This enables teams to declare their configuration in their GitHub repository as action secrets, environment secrets or environment variables.
Consequences
One side-effect of this decision might be, that the lambda will have access to too many environment variables. For example if there are settings in the GitHub organization these are inherited by the repository and will be handed over to the lambda.
We think that this side-effect is not critical from a point of security and will not influence the application, because the bare existance of variables will not change the application code.