Logo

Usage Examples

AWS Lambda

Lambda functions read environment variables that were set at deploy time. EnvVault generates the JSON envelope that AWS expects, so you can ship secrets to Lambda from a single command in your CI pipeline.

One-Off Update

# Generate the env envelope
envv serverless --platform=aws -e production -o lambda-env.json

# Apply it
aws lambda update-function-configuration \
  --function-name my-function \
  --environment file://lambda-env.json

CI Pipeline (GitHub Actions)

# .github/workflows/deploy.yml
- name: Sync env to Lambda
  env:
    ENVVAULT_TOKEN: ${{ secrets.ENVVAULT_TOKEN }}
    ENVVAULT_PROJECT: proj_xxx
    AWS_REGION: us-east-1
  run: |
    envv serverless --platform=aws -e production -o lambda-env.json
    aws lambda update-function-configuration \
      --function-name my-function \
      --environment file://lambda-env.json
    rm lambda-env.json

Runtime SDK Reads

For values that should be fetched at runtime (e.g. on cold start, allowing rotation without redeploy), use the language SDK in the handler:

import { EnvVault } from '@envvault/sdk'
const ev = new EnvVault({ environment: 'production' })

export const handler = async (event) => {
  const stripeKey = await ev.secrets.get('STRIPE_SECRET_KEY')
  // ...
}

Set ENVVAULT_TOKEN on the function config (the only env var Lambda needs to bootstrap).