At times your code needs to access sensitive information such as private keys, passwords, and access tokens. You should avoid storing these in your serverless.yml. Seed lets you store them as secret environment variables through the Seed console.

Seed encrypts your secrets (using AWS KMS) and stores them. Upon deployment, Seed decrypts them and sets it as a Lambda environment variable.

You can then access them in your Node.js Lambda functions using the process.env object.

To add a secret, select the stage you are trying to set it for.

Select stage

And hit Settings.

Stage Settings

Select Show Env Variables.

Show Env Variables

Enter the Key and Value for the new secret, and click Add.

Create Secret Variable

Note that the newly created secrets will take effect only after the next deployment to this stage. And these secrets will be available to all the services in your application.

Secret variables take precedence over the other stage variables defined in serverless.yml. If you were to define a secret variable, and the same variable is defined in the yaml file; the value defined in serverless.yml is overridden.

Secrets take precedence over other environment variables

This is useful when you are developing on your local where your Lambda functions are not going to have access to the secrets from the Seed console.

Secrets are available in your build process

For example, we just created a secret variable DB_PASSWORD for the production stage. The same variable is also defined in the serverless.yml.

service: service-name

  name: aws
    DB_PASSWORD: '1234567890'

When invoking your function on any other environment other than production, the process.env.DB_PASSWORD returns the value defined in serverless.yml. And in the case of production it returns the secret value that you had set in the Seed console.

export function main(event, context, callback) {



Finally, you can access your secrets just as you would access any other environment variable in Lambda.