aws / chalice

Python Serverless Microframework for AWS
Apache License 2.0
10.52k stars 1.01k forks

Setting environment variables securely #2106

Open yuvadm opened 1 month ago

yuvadm commented 1 month ago

Documentation states that all environment variables, global or per-stage, should be set in .chalice/config.json.

However, assuming config.json is committed to source control, this is a bad practice that commits secrets to a shared project.

Setting environment variables directly through the AWS Lambda web UI is a non-solution since they will be deleted / overridden on the next chalice deploy.

What's the best way to store env vars in a secure way that also allows committing config.json to source control?

AmirFone commented 1 month ago

Maybe use AWS Systems Manager and then fetch at runtime as a best practice, and a secure solution.
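
The runtime-fetch approach suggested above, as an added example that is not part of the original thread or of Chalice's own code. It assumes the Systems Manager feature meant is Parameter Store, that config.json carries only a parameter name in a hypothetical variable `DB_PASSWORD_PARAM`, and that the Lambda role is allowed `ssm:GetParameter` on that parameter; `FakeSSM` is a constructed stand-in so the block runs offline.

```python
import os
import time

TTL_SECONDS = 300   # assumed cache lifetime; bounds how long a rotated value stays stale
_cache = {}         # parameter name -> (expiry, value); survives across warm invocations


def get_secret(env_key, client=None, now=time.monotonic):
    """Return the secret whose Parameter Store name is stored in os.environ[env_key].

    config.json then holds only a pointer, e.g. (hypothetical names):
        "environment_variables": {"DB_PASSWORD_PARAM": "/myapp/dev/db_password"}
    """
    name = os.environ[env_key]              # KeyError if unset: fail closed, no default
    hit = _cache.get(name)
    if hit and hit[0] > now():
        return hit[1]
    if client is None:
        import boto3                        # lazy import keeps the module testable offline
        client = boto3.client("ssm")
    # WithDecryption=True makes SSM return the plaintext of a SecureString parameter.
    resp = client.get_parameter(Name=name, WithDecryption=True)
    value = resp["Parameter"]["Value"]
    _cache[name] = (now() + TTL_SECONDS, value)
    return value


class FakeSSM:
    """Constructed stand-in for the boto3 SSM client so the example runs offline."""

    def __init__(self, store):
        self.store, self.calls = store, 0

    def get_parameter(self, Name, WithDecryption=False):
        self.calls += 1
        return {"Parameter": {"Name": Name, "Value": self.store[Name]}}


def demo():
    os.environ["DB_PASSWORD_PARAM"] = "/myapp/dev/db_password"
    fake = FakeSSM({"/myapp/dev/db_password": "constructed-sample-value"})
    first = get_secret("DB_PASSWORD_PARAM", client=fake)
    second = get_secret("DB_PASSWORD_PARAM", client=fake)   # served from cache
    return first, second, fake.calls


if __name__ == "__main__":
    print(demo())
```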

yuvadm commented 1 month ago

@AmirFone interesting proposal, but right now I'm using a very lean deployment of Lambda/Chalice and would prefer a solution that does not involve any additional AWS products that will bloat my deployment.