serverless-dotenv-plugin

Default behaviour should be to not automatically set any Lambda environment variables

Open neverendingqs opened this issue 4 years ago • 0 comments

Right now, all Lambda function environments are configured with all variables in the dotenv file(s). This can easily cause security issues by setting environment variables that contain secrets (e.g. SENTRY_SECRET gets set when none of the Lambda functions use it). As well, it can cause confusion on what is happening on different environments (e.g. #65).

The new default value should be functionally equivalent to:

custom:
  dotenv:
    include: []

• [ ] Update README to recommend new safe default
• [ ] Update README to warn about deprecation
• [ ] Add or update toggle to switch behaviour on major version bump

neverendingqs Feb 06 '21 21:02
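
An audit of the over-exposure described in this issue, as an added example that is not part of the original post or the plugin's own code. It models the behaviour the issue states (every dotenv variable set on every function unless `include` narrows it); the helper names, the sample dotenv content and the per-function usage map are constructed assumptions.

```javascript
// Added example: models the behaviour described in the issue, not the plugin's code.
// parseDotenv, injectedVars and auditExposure are hypothetical helper names.

// Minimal dotenv parser: KEY=VALUE lines, '#' comments, optional surrounding quotes.
function parseDotenv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) continue; // skip malformed lines instead of guessing
    vars[m[1]] = m[2].replace(/^(['"])(.*)\1$/, '$2');
  }
  return vars;
}

// include === undefined models the current default (every variable is set on
// every function); an array is an allowlist, so [] injects nothing.
function injectedVars(dotenv, include) {
  const names = Object.keys(dotenv);
  return include === undefined ? names : names.filter((n) => include.includes(n));
}

// For each function, list the variables it would receive but never reads.
function auditExposure(dotenv, include, usedByFunction) {
  const injected = injectedVars(dotenv, include);
  const report = {};
  for (const [fn, used] of Object.entries(usedByFunction)) {
    report[fn] = injected.filter((n) => !used.includes(n)).sort();
  }
  return report;
}

// Constructed sample input (values are placeholders, not real secrets).
const SAMPLE_ENV = [
  '# constructed sample',
  'SENTRY_SECRET="placeholder-secret"',
  'DB_PASSWORD=placeholder-password',
  'LOG_LEVEL=info',
].join('\n');
const SAMPLE_USAGE = { api: ['DB_PASSWORD', 'LOG_LEVEL'], thumbnailer: ['LOG_LEVEL'] };

const env = parseDotenv(SAMPLE_ENV);
console.log('default    :', auditExposure(env, undefined, SAMPLE_USAGE));
console.log('include: []:', auditExposure(env, [], SAMPLE_USAGE));
```

Any non-empty list in the first report is a variable that a compromised or overly verbose function could leak without ever needing it.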