AWS Amplify
Learn how to sync secrets from Infisical to AWS Amplify.
Prerequisites:
- Infisical Cloud account
- Add the secrets you wish to sync to Amplify to Infisical Cloud
There are many approaches to sync secrets stored within Infisical to AWS Amplify. This guide describes two such approaches below.
Access Infisical secrets at Amplify build time
This approach enables you to fetch secrets from Infisical during Amplify build time.
Create a machine identity
Create a machine identity and connect it to your Infisical project. You can read more about how to use machine identities here. The machine identity will allow you to authenticate and fetch secrets from Infisical.
Set the machine identity client ID and client secret as Amplify environment variables
- In the Amplify console, choose App Settings, and then select Environment variables.
- In the Environment variables section, select Manage variables.
- Under the first Variable, enter INFISICAL_MACHINE_IDENTITY_CLIENT_ID, and for the value, enter the client ID of the machine identity you created in the previous step.
- Under the second Variable, enter INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET, and for the value, enter the client secret of the machine identity you created in the previous step.
- Click save.
Install Infisical CLI to the Amplify build step
In the prebuild phase of the Amplify build settings, add the command that installs the Infisical CLI.
Modify the build command
You can now pull secrets from Infisical using the CLI and save them as a .env file. To do this, modify the build commands.
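One way to implement this build step, as an added example (not Infisical's or AWS's own script): a POSIX shell helper that logs in with the machine identity, exports the secrets to a dotenv file readable only by the build user, and fails the build without leaving a partial file. It assumes the CLI from the prebuild step is on PATH; the file name fetch-secrets.sh, the variables INFISICAL_PROJECT_ID and INFISICAL_ENV, and the "prod" default are assumptions made for this example.

```shell
#!/bin/sh
# fetch-secrets.sh: added example, not Infisical's or AWS's own script.
# INFISICAL_PROJECT_ID and INFISICAL_ENV are hypothetical variable names.

# Write the project's secrets to a dotenv file ($1, default .env).
# The body is a subshell, so umask, set +x and variables stay scoped to it.
fetch_infisical_env() (
  out="${1:-.env}"

  # Fail closed when a required Amplify environment variable is missing.
  for name in INFISICAL_MACHINE_IDENTITY_CLIENT_ID \
              INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET INFISICAL_PROJECT_ID; do
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "fetch-secrets: $name is not set" >&2
      exit 1
    fi
  done

  set +x      # no command tracing: credentials must not reach the build log
  umask 077   # files created below are readable by the build user only

  # Exchange the machine identity credentials for an access token.
  token=$(infisical login --method=universal-auth \
    --client-id="$INFISICAL_MACHINE_IDENTITY_CLIENT_ID" \
    --client-secret="$INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET" \
    --silent --plain) || token=""
  if [ -z "$token" ]; then
    echo "fetch-secrets: login failed" >&2
    exit 1
  fi

  # Export to a temp file first so a failed export never leaves a partial .env.
  tmp="$out.tmp.$$"
  if INFISICAL_TOKEN="$token" infisical export --format=dotenv \
       --projectId="$INFISICAL_PROJECT_ID" \
       --env="${INFISICAL_ENV:-prod}" > "$tmp"; then   # "prod" default is assumed
    mv "$tmp" "$out"
  else
    rm -f "$tmp"
    echo "fetch-secrets: export failed" >&2
    exit 1
  fi
)

# Runs only when asked, e.g. `sh fetch-secrets.sh run` as an Amplify build command.
if [ "${1:-}" = "run" ]; then
  fetch_infisical_env .env
fi
```

Keep the generated .env out of the repository and out of the published build artifacts.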
Accessing an environment secret during a build is similar to accessing environment variables, except that environment secrets are stored in process.env.secrets as a JSON string.