I have a CD pipeline for my NodeJS app and the pipeline contains these steps:
1) Travis CI uploads the master branch to S3 as a zip file
2) Travis CI triggers AWS CodeDeploy deployment
3) CodeDeploy grabs the .zip file, extracts it to my AWS EC2 and runs the app
But my NodeJS app needs some environment variables to run. Since values of these variables are sensitive, I’m storing these vars in TravisCI’s Repository Settings and don’t have a clue how to pass my environment variables from Travis to EC2.
I can use the env attribute of the appspec.yml (for CodeDeploy), but my env. vars contain sensitive info which shouldn’t be in the code repository.
Is there any best practice to pass my env. vars. from Travis to EC2 instance through CodeDeploy?
For now what I am doing is generating a .env file during the Travis build and adding it to the .zip file, so when the app is deployed to EC2, I can reach them by using the dotenv package of NodeJS. But I don’t think this is the best approach.
A developer friendly option is to use AWS AppConfig to host configuration files. A developer can easily log into AWS and copy the .env file as an AppConfig hosted configuration. When the code deploys, your deploy script can pull these files from AWS Config.
This is more developer friendly as they can edit the .env file directly in the AppConfig configuration via the browser. AppConfig encrypts the data and also keeps track of versioning and environments.
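
The deploy-time pull described in this answer, as an added example that is not part of the original answer: a POSIX shell helper for a CodeDeploy hook script that fetches a hosted configuration with the AWS CLI's `appconfigdata` commands and installs it as an owner-only `.env`. The application, environment and profile names and the destination path are assumed placeholders, and the EC2 instance role is assumed to allow `appconfig:StartConfigurationSession` and `appconfig:GetLatestConfiguration`.

```shell
#!/bin/sh
# Added example for a CodeDeploy hook (e.g. AfterInstall). Hypothetical call:
#   fetch_env_from_appconfig my-node-app production dotenv /srv/app/.env
set -eu

# Accept only blank lines, comments and KEY=VALUE lines; require at least one key.
validate_env_file() {
    [ -s "$1" ] || return 1
    ! grep -Evq '^([A-Za-z_][A-Za-z0-9_]*=.*|#.*|[[:space:]]*)$' "$1" &&
        grep -Eq '^[A-Za-z_][A-Za-z0-9_]*=' "$1"
}

# Fetch the hosted configuration from AppConfig and install it at "$4".
# Args: application, environment, configuration profile, destination file.
fetch_env_from_appconfig() {
    app=$1 env=$2 profile=$3 dest=$4

    # mktemp creates the file with mode 600, so secrets are never world-readable.
    tmp=$(mktemp "${dest}.XXXXXX")

    # 1. Open a configuration session; the instance role supplies credentials,
    #    so no secret has to travel through Travis or the deployment .zip.
    token=$(aws appconfigdata start-configuration-session \
        --application-identifier "$app" \
        --environment-identifier "$env" \
        --configuration-profile-identifier "$profile" \
        --query InitialConfigurationToken --output text)

    # 2. Download the configuration body into the temp file.
    aws appconfigdata get-latest-configuration \
        --configuration-token "$token" "$tmp" >/dev/null

    # 3. Refuse empty or malformed content and keep the previous .env in place.
    if ! validate_env_file "$tmp"; then
        rm -f "$tmp"
        echo "AppConfig content is not a valid .env file" >&2
        return 1
    fi

    # 4. Atomic rename so the app never reads a half-written file.
    mv "$tmp" "$dest"
}
```

Run the hook as the same user that runs the Node process, since the resulting file is readable by its owner only.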