So my guess is this isn’t possible, but hoping someone smarter than myself can answer this, or at least give me some ideas. I’m wondering if there is a way to save a response (Access_Token) to Netlify Environment Variables from a Netlify Function (Lambda Function) so I’ll have access to that token from other functions. Is this possible? If it isn’t possible any suggestions for working around this issue? I’m trying to create an app built on React/Netlify Functions and I’m trying to keep private keys safe. Any suggestions/feedback would be greatly appreciated! Thank you.
I had a similar use case, and I thought of using Netlify Functions but after thinking a lot, I figured out it’s indeed not possible. Netlify Functions are going to be accessible client-side and anyone can pull up their developer tools, find the URL of the function and call it. Sure you can add additional checks like check for referrer or host, but I guess, it can all be overridden in a Curl command. So, if anyone is desperate and smart enough, they can get through it. The only use of Netlify Functions would be when you want to reach to some external API with a specific environment variable, but if you want the Function to return the EV’s value to you, you’re out of luck.
If someone else does have a solution, that’d be amazing!
Thanks for the reply, indeed anyone could call the function client-side however, does that mean they’d have access to the code of the function? Other than seeing a response, I haven’t seen how I can view the code of my Lambda Function from developer tools.
No they can’t access the code of the function. I assumed you’re returning the value of your environment variable which is what I was trying to do.
No, so I have a function that is supposed to return an Access_Token and I was wondering if I can store that in Netlify environment variables so my other functions would have access to the Access_Token, while still keeping it not accessible to the user.
Yes, you can access environment variables in functions using process.env.EV_NAME. What you can’t do is store it in Netlify using Functions. It’s Read Only.
That is what I was thinking but wasn’t 100% sure. Thank you for the clarification!
And welcome to The Forums
A couple of ideas for you. Can you write to process.env and expect it to be available in subsequent instances of the Lambda runtime when your Function is run? Negative. As Hrishikesh noted, that’s not going to work. That’s more of an AWS Lambda restriction than Netlify, but it is what it is.
Before getting to some ideas, I’m going to work off the premise that you’ve got a function (let’s call it Function A) that gets some sort of medium-lived access_token from some third party (perhaps an auth ID that’s only valid for 12 hours?) and you want to store that somewhere that all of your functions can read from for the next 12 hours. I’m assuming medium-lived because if it was short lived, perhaps each function invocation could go get a new token, and if it was long-lived perhaps you could just manually enter that value into the Netlify Build&Deploy screen. But since it’s medium (12 hours) lived, it would be annoying to manually update every 12 hours and therefore we want a place to automatically store it off (and probably automatically refresh it too — recommend https://repeater.dev for this).
So under those circumstances, your simplest and best bet is going to be using an external key-value-pair DB. Something like Redis (which does have a free tier) is probably your best bet. Then you can store your Redis API key in the Netlify Build&Deploy ENV vars screen, and your functions can all interact with Redis to get the current value of your access_token. Use region us-east-1 if you’re going this route since: ref:
By default, all serverless functions are deployed with:
- us-east-1 AWS Lambda region
You should get phenomenal latencies when running your Redis store in the same region as your Netlify Functions. If for some reason you really don’t want to use us-east-1, you can request a region-change for your functions but you must be on the Pro Netlify pricing tier.
Option two probably isn’t going to work, but I at least wanted to throw it out there. You can update / modify your Site’s ENV vars via the Netlify API, but due to the Netlify Functions packing process, you need to re-deploy any functions once you update any ENV vars in that panel (either manually via browser or by API). ENV vars are essentially packed into a Function’s runtime then shipped to AWS Lambda so updating ENV vars on the Netlify side requires that Functions be re-packed for the new ENV vars to get packaged into the updated Function runtime. So… this option isn’t great. You’d have to update your ENV var(s) via the API then also trigger a redeploy of all functions. Probably not worth it.
Options 3 and 4 are both crazy so I’m going to leave them out altogether. Use option 1
I hope that helps!
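Option 1 from the reply above, sketched as an added example (not code from anyone in the thread): every function reads the token from a shared key-value store, refreshes it only when the stored copy has expired, and returns upstream data to the browser but never the token. The in-memory store stands in for Redis so the sketch runs offline; `TOKEN_KEY`, `fetchToken` and `callApi` are hypothetical names.

```javascript
// Constructed in-memory stand-in for an external key-value store such as Redis.
// It mimics only get and set-with-expiry; a real deployment would use a Redis
// client whose credentials come from the site's environment variables.
function createMemoryStore(now = () => Date.now()) {
  const data = new Map();
  return {
    async get(key) {
      const hit = data.get(key);
      if (!hit || hit.expiresAt <= now()) { data.delete(key); return null; }
      return hit.value;
    },
    async set(key, value, ttlSeconds) {
      data.set(key, { value, expiresAt: now() + ttlSeconds * 1000 });
    },
  };
}

const TOKEN_KEY = "third_party:access_token"; // hypothetical key name
const SAFETY_MARGIN_S = 300; // drop our copy 5 minutes before the provider's expiry

// Returns the shared token, fetching and storing a new one only when the store
// has none. fetchToken is a hypothetical function that resolves to
// { accessToken, expiresInSeconds } from the third party.
async function getAccessToken(store, fetchToken) {
  const cached = await store.get(TOKEN_KEY);
  if (cached) return cached;
  const { accessToken, expiresInSeconds } = await fetchToken();
  const ttl = Math.max(1, expiresInSeconds - SAFETY_MARGIN_S);
  await store.set(TOKEN_KEY, accessToken, ttl);
  return accessToken;
}

// Builds a function handler that uses the token server-side only. In a Netlify
// function file the returned handler would be exported as `handler`.
function makeHandler(store, fetchToken, callApi) {
  return async () => {
    try {
      const token = await getAccessToken(store, fetchToken);
      const data = await callApi(token); // hypothetical upstream API call
      return { statusCode: 200, body: JSON.stringify({ data }) };
    } catch (err) {
      // Generic message: upstream errors may contain token material.
      return { statusCode: 502, body: JSON.stringify({ error: "upstream request failed" }) };
    }
  };
}
```

With a real Redis client the same two operations map to a GET and a SET with an expiry, so the store expires the token on its own and no function ever needs to write to process.env.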