Why does 11 environment variables exceed the AWS Lambda limit?

I started getting the famed build fail with “Your environment variables exceed the 4KB limit imposed by AWS Lambda. Please consider reducing them.”.

But after reducing the number of ENV_VARS down to only 11, it keeps failing. I got that message previously when I had way more than 11 (probably 20+) and just deleted a couple of them from the GUI to make it build again.

There are two Google Cloud private keys that are longish base64 strings which have been with me since the start, the rest are just short strings, even a couple with “TODO” as their value.

I’m not sure how I could possibly fix this without deleting every key I have entered.

*How is this limit counted?*

Are they somehow cached or could an error make them stick around and count towards the limit after being deleted from the interface?

In addition to the 11 in the GUI I set one ENV var in my netlify.toml per build command:

[build]
  command = "npm run build"
  publish = "_public"
  PROJECT_ENV = "production"

[context.branch-deploy]
  command = "npm run build:dev"
  PROJECT_ENV = "development"

[context.development]
  command = "npm run build:dev"
  PROJECT_ENV = "development"

[functions]
  directory = "/netlify-functions"
  node_bundler = "esbuild"

The functions use the same 11 vars from the GUI.

EDIT:

Listing all env vars that are taken into the build, I see a bunch of extra stuff and wonder if those also count towards the 4kb limit:

5:06:17 PM:   'FORCE_COLOR',
5:06:17 PM:   'PIPENV_VENV_IN_PROJECT',
5:06:17 PM:   'NETLIFY_BUILD_BASE',
5:06:17 PM:   'FXOFFICE_KEY',
5:06:17 PM:   'NVM_INC',
5:06:17 PM:   'rvm_delete_flag',
5:06:17 PM:   'rvm_prefix',
5:06:17 PM:   'LANGUAGE',
5:06:17 PM:   'STRIPE_SECRET_KEY_ALT',
5:06:17 PM:   'STRIPE_WEBHOOK_SECRET',
5:06:17 PM:   'DEV_PRIVATE_KEY',
5:06:17 PM:   'MY_RUBY_HOME',
5:06:17 PM:   'GIMME_NO_ENV_ALIAS',
5:06:17 PM:   'YARN_VERSION',
5:06:17 PM:   'RUBY_VERSION',
5:06:17 PM:   'PWD',
5:06:17 PM:   'rvm_version',
5:06:17 PM:   'CONTEXT',
5:06:17 PM:   'STRIPE_SECRET_KEY',
5:06:17 PM:   'GIMME_CGO_ENABLED',
5:06:17 PM:   'DEV_PRIVATE_KEY_ID',
5:06:17 PM:   'HOME',
5:06:17 PM:   'LANG',
5:06:17 PM:   'FRESH_APIKEY',
5:06:17 PM:   'VIRTUAL_ENV',
5:06:17 PM:   'DEPLOY_URL',
5:06:17 PM:   'COMMIT_REF',
5:06:17 PM:   'DATADOG_HOST',
5:06:17 PM:   'HEAD',
5:06:17 PM:   'DEPLOY_ID',
5:06:17 PM:   'CLIENT_ID',
5:06:17 PM:   'GOROOT',
5:06:17 PM:   'URL',
5:06:17 PM:   'CACHED_COMMIT_REF',
5:06:17 PM:   'GIMME_TYPE',
5:06:17 PM:   'NVM_DIR',
5:06:17 PM:   'NETLIFY',
5:06:17 PM:   'rvm_bin_path',
5:06:17 PM:   'GO_VERSION',
5:06:17 PM:   'GEM_PATH',
5:06:17 PM:   'GIMME_ENV_PREFIX',
5:06:17 PM:   'GEM_HOME',
5:06:17 PM:   'NETLIFY_IMAGES_CDN_DOMAIN',
5:06:17 PM:   'CYPRESS_CACHE_FOLDER',
5:06:17 PM:   'BRANCH',
5:06:17 PM:   'PRIVATE_KEY',
5:06:17 PM:   'RVM_DIR',
5:06:17 PM:   'STRIPE_WEBHOOK_SECRET_ALT',
5:06:17 PM:   'SHLVL',
5:06:17 PM:   'NVM_CD_FLAGS',
5:06:17 PM:   'PULL_REQUEST',
5:06:17 PM:   'REPOSITORY_URL',
5:06:17 PM:   'NETLIFY_SUBSTAGE_TIMES',
5:06:17 PM:   'GIMME_GO_VERSION',
5:06:17 PM:   'rvm_ruby_string',
5:06:17 PM:   'GOCACHE',
5:06:17 PM:   'PIPENV_DEFAULT_PYTHON_VERSION',
5:06:17 PM:   'SITE_ID',
5:06:17 PM:   'SWIFTENV_ROOT',
5:06:17 PM:   'DEPLOY_PRIME_URL',
5:06:17 PM:   'PS1',
5:06:17 PM:   'GATSBY_TELEMETRY_DISABLED',
5:06:17 PM:   'LC_ALL',
5:06:17 PM:   'CUSTOM_RUBY',
5:06:17 PM:   'SITE_NAME',
5:06:17 PM:   'PRIVATE_KEY_ID',
5:06:17 PM:   'PIPENV_RUNTIME',
5:06:17 PM:   'PATH',
5:06:17 PM:   'CI',
5:06:17 PM:   'NVM_BIN',
5:06:17 PM:   'NEXT_TELEMETRY_DISABLED',
5:06:17 PM:   'NODE_VERSION',
5:06:17 PM:   'IRBRC',
5:06:17 PM:   'BUILD_ID',
5:06:17 PM:   'rvm_path',
5:06:17 PM:   'OLDPWD',
5:06:17 PM:   'GOPATH',
5:06:17 PM:   'JAVA_VERSION',
5:06:17 PM:   '_'

EDIT 2: Tried inlining the env vars in functions with the recommended plugin, but it doesn’t do anything in either onPreBuild or onBuild.

Also tried removing all functions bar one from the functions folder and deploying again to see whether the number of times the variables are included in different files counted towards the limit. Same error with only one function. I count 79 env vars in total being used for building, including Netlify’s vars and my 11 vars. There must be something wrong here …

hi there @elhansson ,

good to hear you already know about the 4kb limit (which is something we cannot change, unfortunately). It is not the number of environment variables that is problematic as far as i know, but really just the size.

in your case I am going to assume that the google cloud strings you were referring to bring you to the limit or just below (that would not surprise me at all, i have heard this before) and then your other environment variables kick you over the limit.

here is a thing you could try - you could try creating a second site, removing the google cloud private keys i suspect are the main culprit, include your other 11 env vars, or even make it 13 env vars (as two would normally be “taken up” by the google cloud keys) and see if the build goes through. if it does, stands to reason it is not the number but the size (especially if those other vars are all very short).

would you try this and let me know what happens?
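
Added example (not part of the original thread and not Netlify's or AWS's code): a Node.js check that ranks variables by size against the 4KB limit without ever printing their values, and shows that removing one long key can free more room than removing every short one. It assumes the limit is counted as the UTF-8 bytes of each name plus its value, which the thread does not confirm; the values and lengths in `sampleEnv` are constructed.

```javascript
// Added example. Assumption: size = UTF-8 bytes of name + value, summed.
const LIMIT_BYTES = 4096;

// Rank the given variables by size. Only lengths are kept, never the values.
function envSizeReport(env, names = Object.keys(env), limit = LIMIT_BYTES) {
  const entries = names
    .filter((name) => env[name] !== undefined)
    .map((name) => ({
      name,
      bytes: Buffer.byteLength(name, "utf8") +
             Buffer.byteLength(String(env[name]), "utf8"),
    }))
    .sort((a, b) => b.bytes - a.bytes);
  const total = entries.reduce((sum, e) => sum + e.bytes, 0);
  return { total, limit, overLimit: total > limit, entries };
}

// Largest-first list of variables to move elsewhere until the rest fits.
function namesToRemove(report) {
  let remaining = report.total;
  const drop = [];
  for (const e of report.entries) {
    if (remaining <= report.limit) break;
    drop.push(e.name);
    remaining -= e.bytes;
  }
  return drop;
}

// Constructed sample: two long key-like values plus short strings.
const sampleEnv = {
  PRIVATE_KEY: "A".repeat(2300),
  DEV_PRIVATE_KEY: "B".repeat(2300),
  STRIPE_SECRET_KEY: "sk_" + "x".repeat(100),
  STRIPE_WEBHOOK_SECRET: "whsec_" + "y".repeat(32),
  FRESH_APIKEY: "TODO",
  CLIENT_ID: "TODO",
};

const report = envSizeReport(sampleEnv);
console.log(report.entries, `total=${report.total}/${report.limit}`);
console.log("remove to fit:", namesToRemove(report));
```

To check a real build, call `envSizeReport(process.env, [...])` with the names of the variables you set yourself.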

Hi @perry I tried deleting one of the two (long) private keys, and it was enough to make it build again. I didn’t realize these two long keys had such an impact compared to deleting a bunch of other (shorter) keys.

I’m a bit stumped, because it basically means you can’t build anything with a couple of backend Firebase-admin keys (prod and dev) if you also use APIs like Stripe etc. where you really can’t compromise on security.

I haven’t found any realistic workaround so I imagine I have to move my functions from Netlify and over to Google Cloud or similar where env vars can be included separately within each function.

Any other ideas about how this can be done otherwise in a secure way?

hi there, totally get what you are saying -

there are a few other threads in this forum that may contain something helpful (try searching for 4kb)

this seems to be the most in depth one:

i can ask another team member to weigh in, but i am not sure we’ll have anything new to suggest that isn’t mentioned in another thread.


Hi @elhansson did you resolve this?
We tried following this blog but are still having the same issue

@mazza I wasn’t able to make the plugin in that article work at all. I also tried netlify-plugin-contextual-env but that was a dead end (btw both of these plugins are badly maintained with non-responsive developers). Ended up moving some heavy stuff to Google Cloud functions where you can use multiple .env files for each function. For the Netlify functions left in place I didn’t find a better way of switching between build contexts than manually changing an env variable between ‘dev’ and ‘prod’ in the Netlify site admin before builds. In my case it’s not a big deal but it’s somewhat shocking that there doesn’t seem to be a more obvious way. I wonder if GitHub Secrets could be used to avoid hitting the 4k limit, but haven’t looked into it.

We found this article for Vercel which solved our problem:


@mazza Great find, thank you for sharing! Will definitely try this when I get a chance to improve the current solution.
