serverless-export-env
Serverless plugin to export environment variables into a .env file
This Serverless plugin exports the environment variables defined in serverless.yml into a distinct .env file. This allows you to access these environment variables from local scripts such as for integration tests. You will find the .env file in the root folder of your project.
It will collect the global environment variables of the project as well as all environment variables of the functions. It will also add API_ENDPOINT and IS_OFFLINE to your environment if you run the plugin via serverless offline.
Environment variables referencing CloudFormation resources (e.g. Ref: MyDynamoDbTable), or import values (e.g. Fn::ImportValue: MyExportedValue) are automatically resolved to their respective values. This, however, requires the stack to be deployed before the plugin can access any of these variables.
This plugin is based on the serverless-dotenv Plugin by Jimdo but largely rewritten to fit our needs.
There are plenty of environment and dotenv plugins available for Serverless. However, some are already obsolete, and others are very limited in use case. We needed a way to access Serverless environment variables from the command line during integration testing of our code. As some of these environment variables reference CloudFormation resources, none of the existing plugins was able to solve this.
Serverless offers a very powerful feature: You are able to reference AWS resources anywhere from within your .yaml and it will automatically resolve them to their respective values during deployment. A common example is to bind a DynamoDB table name to an environment variable, so you can access it in your Lambda function implementation later:
provider:
  environment:
    TABLE_NAME:
      Ref: MyDynamoDbTable
# ...
resources:
  Resources:
    MyDynamoDbTable:
      Type: AWS::DynamoDB::Table
      DeletionPolicy: Retain
      Properties:
        # ...
Later in your code you can simply access process.env.TABLE_NAME to get the proper DynamoDB table name without having to hardcode anything.
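// Load the generated .env file before reading process.env
require("dotenv").config({
  path: "../.env" /* path to your project root folder */,
});
const AWS = require("aws-sdk");
const docClient = new AWS.DynamoDB.DocumentClient({
  /* ... */
});
docClient.get(
  {
    TableName: process.env.TABLE_NAME,
    Key: { foo: "bar" },
  },
  // aws-sdk v2 callbacks receive (err, data); handle the error first
  (err, data) => {
    if (err) {
      console.error(err);
      return;
    }
    console.log(data);
  }
);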
The Serverless Export Env Plugin supports references to resources created within the serverless.yml, to resources imported from another stack via Fn::ImportValue, pseudo parameters such as AWS::Region and AWS::AccountId as well as the commonly used Fn::Join intrinsic function.
The plugin allows you to make use of these references (and all other environment variables of course) from the command line by exporting them into a .env file in your project folder. Then use a library such as dotenv to read them during runtime.
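The reference kinds listed above (Ref, pseudo parameters, Fn::ImportValue, Fn::Join), resolved into .env lines in an added example that is not the plugin's own code; the stack object, its values and the helper names resolveValue and toDotenv are constructed for illustration. It fails closed on anything it cannot resolve, so an object or a pending Promise is never stringified into the file.

```javascript
// Added example, not the plugin's code. All stack values below are constructed.
const stack = {
  pseudo: { "AWS::Region": "eu-west-1", "AWS::AccountId": "123456789012" },
  resources: { MyDynamoDbTable: "my-service-dev-MyDynamoDbTable-EXAMPLE" },
  exports: { MyExportedValue: "shared-bucket-example" },
};
const environment = {
  STAGE: "dev",
  TABLE_NAME: { Ref: "MyDynamoDbTable" },
  BUCKET: { "Fn::ImportValue": "MyExportedValue" },
  QUEUE_ARN: { "Fn::Join": [":", ["arn:aws:sqs", { Ref: "AWS::Region" }, { Ref: "AWS::AccountId" }, "jobs"]] },
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve one value; anything unrecognised throws instead of being stringified.
function resolveValue(value, stack) {
  if (["string", "number", "boolean"].includes(typeof value)) return String(value);
  const keys = value && typeof value === "object" ? Object.keys(value) : [];
  if (keys.length !== 1) throw new Error(`Unsupported value: ${JSON.stringify(value)}`);
  const fn = keys[0];
  const arg = value[fn];
  if (fn === "Ref") {
    if (has(stack.pseudo, arg)) return stack.pseudo[arg];
    if (has(stack.resources, arg)) return stack.resources[arg];
    throw new Error(`Unresolved Ref ${arg}: is the stack deployed?`);
  }
  if (fn === "Fn::ImportValue") {
    const name = resolveValue(arg, stack);
    if (!has(stack.exports, name)) throw new Error(`Unknown export ${name}`);
    return stack.exports[name];
  }
  if (fn === "Fn::Join") {
    const [delimiter, parts] = arg;
    return parts.map((part) => resolveValue(part, stack)).join(delimiter);
  }
  throw new Error(`Unsupported intrinsic ${fn}`);
}

// Render KEY=value lines; a line break in a value would add a second variable.
function toDotenv(env, stack) {
  return Object.entries(env).map(([key, raw]) => {
    const value = resolveValue(raw, stack);
    if (/[\r\n]/.test(value)) throw new Error(`Line break in value of ${key}`);
    return `${key}=${value}`;
  }).join("\n");
}

console.log(toDotenv(environment, stack));
```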
Add the npm package to your project:
# Via yarn
$ yarn add arabold/serverless-export-env --dev
# Via npm
$ npm install arabold/serverless-export-env --save-dev
Add the plugin to your serverless.yml:
plugins:
  - serverless-export-env
That's it! You can now call serverless export-env in your terminal to generate the .env file based on your Serverless configuration. Alternatively, you can just start serverless invoke local -f FUNCTION or serverless offline to generate it.
You can change the path and file name of the .env file by adding the following options to your serverless.yml:
export-env:
  pathFromRoot: "dist/app"
  filename: aws.env
export-env:collect - Collect environment variables from Serverless
export-env:resolve - Resolve CloudFormation references and import variables
export-env:apply - Set environment variables when testing Lambda functions locally
export-env:write - Write environment variables to file
serverless export-env
This example will export all environment variables into a .env file in your project root folder.
Outputs as environment variables. Thanks to lielran.
.env file
AWS::AccountId being resolved as [Object Promise] instead of the actual value.
Fn::Join operation (contribution by @jonasho)
AWS::Region, AWS::AccountId, AWS::StackId and AWS::StackName.
serverless invoke local -f FUNCTION). This allows seamless as if the function would be deployed on AWS.
Fn::GetAtt, Fn::Sub, etc. (see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference.html)
We found that serverless-export-env demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.