Learn how to sync secrets from Infisical to AWS Amplify.
Prerequisites:
There are many approaches to sync secrets stored within Infisical to AWS Amplify. This guide describes two such approaches below.
This approach enables you to fetch secrets from Infisical during Amplify build time.
Generate a service token
Go to your project settings in the Infisical dashboard to generate a service token. This service token will allow you to authenticate and fetch secrets from Infisical. Once you have created a service token with the required permissions, you’ll need to provide the token to the CLI installed in your Docker container.
Set the service token as an Amplify environment variable
Install Infisical CLI to the Amplify build step
In the prebuild phase, add the command in AWS Amplify to install the Infisical CLI.
Modify the build command
You can now pull secrets from Infisical using the CLI and save them as a .env
file. To do this, modify the build commands.
Another approach to use secrets from Infisical in AWS Amplify is to utilize AWS Parameter Store. At high level, you begin by using Infisical’s AWS SSM Parameter Store integration to sync secrets from Infisical to AWS SSM Parameter Store. You then instruct AWS Amplify to consume those secrets from AWS SSM Parameter Store as environment secrets.
Follow the AWS SSM Parameter Store Integration guide
Follow the Infisical AWS SSM Parameter Store Integration Guide to set up the integration. Pause once you reach the step where it asks you to select the path you would like to sync.
Find your Amplify App ID
Set AWS SSM Parameter Store path
You need to set the path in the format /amplify/[amplify_app_id]/[your-amplify-environment-name]
as the path option in AWS SSM Parameter Infisical Integration.
Accessing an environment secret during a build is similar to accessing environment variables, except that environment secrets are stored in process.env.secrets
as a JSON string.
Learn how to sync secrets from Infisical to AWS Amplify.
Prerequisites:
There are many approaches to sync secrets stored within Infisical to AWS Amplify. This guide describes two such approaches below.
This approach enables you to fetch secrets from Infisical during Amplify build time.
Generate a service token
Go to your project settings in the Infisical dashboard to generate a service token. This service token will allow you to authenticate and fetch secrets from Infisical. Once you have created a service token with the required permissions, you’ll need to provide the token to the CLI installed in your Docker container.
Set the service token as an Amplify environment variable
Install Infisical CLI to the Amplify build step
In the prebuild phase, add the command in AWS Amplify to install the Infisical CLI.
Modify the build command
You can now pull secrets from Infisical using the CLI and save them as a .env
file. To do this, modify the build commands.
Another approach to use secrets from Infisical in AWS Amplify is to utilize AWS Parameter Store. At high level, you begin by using Infisical’s AWS SSM Parameter Store integration to sync secrets from Infisical to AWS SSM Parameter Store. You then instruct AWS Amplify to consume those secrets from AWS SSM Parameter Store as environment secrets.
Follow the AWS SSM Parameter Store Integration guide
Follow the Infisical AWS SSM Parameter Store Integration Guide to set up the integration. Pause once you reach the step where it asks you to select the path you would like to sync.
Find your Amplify App ID
Set AWS SSM Parameter Store path
You need to set the path in the format /amplify/[amplify_app_id]/[your-amplify-environment-name]
as the path option in AWS SSM Parameter Infisical Integration.
Accessing an environment secret during a build is similar to accessing environment variables, except that environment secrets are stored in process.env.secrets
as a JSON string.