A function's metadata includes environment variable fields that contain small configurations that help the function execute. These variables can be accessed by any entity with the most basic read-metadata-only permissions, and cannot be encrypted. Lambda runtime makes environment variables available without passing secrets in code or environment variables.
We recommend you remove secrets from unencrypted places, especially if they can be easily accessed, to reduce the risk of exposing data to third parties.
To see the secrets, run the following CLI command:
aws lambda get-function-configuration --region <REGION> --function-name <FUNCTION_NAME> --query Environment.Variables
- Resource: AWS::Lambda::Function
- Argument: Properties.Environment.Variables
Type: AWS::Lambda::Function Properties: ... Environment: Variables: key1: not_a_secret - key2: secret
Updated about 1 month ago