Environment/context availability at runtime

alexrussell · October 8, 2019, 12:10am

Am I right in thinking that at runtime, your manually-specified environment variables from the Netlify UI (and, hopefully, the toml file), are available to the Lambda, but certain “Netlify default” ones aren’t? In particular, I was hoping to be able to detect whether I’m in production or not. But I can’t see CONTEXT in the env at runtime.

The solution I am preparing to integrate is to specify a webpack config in my netlify-lambda build script to add DefinePlugin so I can bake the build env’s CONTEXT env into the JS for runtime. But it’d be good to know if there is something I’m missing that’s better.

talves · July 26, 2019, 5:39pm

@alexrussell I believe your assumption is correct. To get the context, you would have to bake it in.

For those who just need a quick way to know whether you are on the lambda server is to check for a process.env var that does not show up on local (example: process.env. AWS_DEFAULT_REGION).

The above check would not let you know what context the function was in, which might be worth a ton. Might be a good feature to have NETLIFY_[CONTEX, BRANCH, etc] to know what build the function was on.

I did write a quick and dirty function to find what environment vars are in a lambda environment for anyone who needs it.

exports.handler = function(event, context, callback) {
  const body = () => {
   return `<div><pre>${JSON.stringify(process.env, null, 2)}</pre></div>`
  }
  
  callback(null, {
  statusCode: 200,
  body: `${body()}`
  });
}

alexrussell · July 26, 2019, 4:33pm

I did the same, hence being able to say I can’t see CONTEXT for example.

In the end I have indeed detected CONTEXT during build and baked in the env at that point with DefinePlugin, but was wondering if there was a more at-runtime way.

I have separately asked Netlify about encrypted-at-rest env vars (for secrets) and as yet they don’t support this other than by having us rolling our own decryption using AWS SSM or something. The issue in this thread is also important for that, because if I have to bake these vars into the Lambda build, they won’t be encrypted at rest.

luke · June 22, 2020, 10:57pm

@talves has provided great answers above (as always).

The Function runtime isn’t a subshell of the build environment so isn’t inheriting those shell environment variables. The CONTEXT related environment variables are part of the shell environment in the build image. The build image is terminated after the build is complete and those environment variables will then no longer exist (unless they were “baked in” somehow).

luke · July 30, 2019, 4:47am

Sorry, @alexrussell, I also wanted to address the requirement for encrypted-at-rest environment variables with Netlify Functions. We have an open feature request for this and I have added this topic to “the list” for tracking and increasing its priority. (We’ll also follow-up here if/when this gets added.)

If anyone else also wants to see this feature get added, please do not hesitate to “heart” this reply/topic and we’ll keep updating the count on the feature request to match.