mirror of
https://github.com/Infisical/infisical.git
synced 2026-01-06 22:23:53 -05:00
132 lines
6.1 KiB
Plaintext
132 lines
6.1 KiB
Plaintext
---
|
||
title: "AWS Amplify"
|
||
description: "Learn how to sync secrets from Infisical to AWS Amplify."
|
||
---
|
||
|
||
Prerequisites:
|
||
|
||
- Infisical Cloud account
|
||
- Add the secrets you wish to sync to Amplify to [Infisical Cloud](https://app.infisical.com)
|
||
|
||
There are many approaches to sync secrets stored within Infisical to AWS Amplify. This guide describes two such approaches below.
|
||
|
||
## Access Infisical secrets at Amplify build time
|
||
|
||
This approach enables you to fetch secrets from Infisical during Amplify build time.
|
||
|
||
<Tabs>
|
||
|
||
<Tab title="Machine Identity (Recommended)">
|
||
<Steps>
|
||
<Step title="Create a machine identity">
|
||
Create a machine identtiy and connect it to your Infisical project. You can read more about how to use machine identities [here](/documentation/platform/identities/machine-identities). The machine identity will allow you to authenticate and fetch secrets from Infisical.
|
||
</Step>
|
||
|
||
<Step title="Set the machine identity client ID and client secret as Amplify environment variables">
|
||
|
||
1. In the Amplify console, choose App Settings, and then select Environment variables.
|
||
2. In the Environment variables section, select Manage variables.
|
||
3. Under the first Variable enter `INFISICAL_MACHINE_IDENTITY_CLIENT_ID`, and for the value, enter the client ID of the machine identity you created in the previous step.
|
||
4. Under the second Variable enter `INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET`, and for the value, enter the client secret of the machine identity you created in the previous step.
|
||
5. Click save.
|
||
</Step>
|
||
|
||
<Step title="Install Infisical CLI to the Amplify build step">
|
||
In the prebuild phase, add the command in AWS Amplify to install the Infisical CLI.
|
||
|
||
```yaml
|
||
build:
|
||
phases:
|
||
preBuild:
|
||
commands:
|
||
- sudo curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sudo -E bash
|
||
- sudo yum -y install infisical
|
||
```
|
||
</Step>
|
||
|
||
<Step title="Modify the build command">
|
||
You can now pull secrets from Infisical using the CLI and save them as a `.env` file. To do this, modify the build commands.
|
||
|
||
```yaml
|
||
build:
|
||
phases:
|
||
build:
|
||
commands:
|
||
- INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id=${INFISICAL_MACHINE_IDENTITY_CLIENT_ID} --client-secret=${INFISICAL_MACHINE_IDENTITY_CLIENT_SECRET} --silent --plain)
|
||
- infisical export --format=dotenv > .env
|
||
- <rest of the commands>
|
||
```
|
||
</Step>
|
||
</Steps>
|
||
|
||
</Tab>
|
||
|
||
<Tab title="Service Token (Deprecated)">
|
||
|
||
<Steps>
|
||
<Step title="Generate a service token">
|
||
Go to your project settings in the Infisical dashboard to generate a [service token](/documentation/platform/token). This service token will allow you to authenticate and fetch secrets from Infisical. Once you have created a service token with the required permissions, you’ll need to provide the token to the CLI installed in your Docker container.
|
||
</Step>
|
||
<Step title="Set the service token as an Amplify environment variable">
|
||
|
||
1. In the Amplify console, choose App Settings, and then select Environment variables.
|
||
2. In the Environment variables section, select Manage variables.
|
||
3. Under Variable, enter the key **INFISICAL_TOKEN**. For the value, enter the generated service token from the previous step.
|
||
4. Click save.
|
||
</Step>
|
||
<Step title="Install Infisical CLI to the Amplify build step">
|
||
In the prebuild phase, add the command in AWS Amplify to install the Infisical CLI.
|
||
|
||
```yaml
|
||
build:
|
||
phases:
|
||
preBuild:
|
||
commands:
|
||
- sudo curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sudo -E bash
|
||
- sudo yum -y install infisical
|
||
```
|
||
</Step>
|
||
<Step title="Modify the build command">
|
||
You can now pull secrets from Infisical using the CLI and save them as a `.env` file. To do this, modify the build commands.
|
||
|
||
```yaml
|
||
build:
|
||
phases:
|
||
build:
|
||
commands:
|
||
- INFISICAL_TOKEN=${INFISICAL_TOKEN}
|
||
- infisical export --format=dotenv > .env
|
||
- <rest of the commands>
|
||
```
|
||
</Step>
|
||
</Steps>
|
||
|
||
## Sync Secrets Using AWS SSM Parameter Store
|
||
|
||
Another approach to use secrets from Infisical in AWS Amplify is to utilize AWS Parameter Store.
|
||
At high level, you begin by using Infisical's AWS SSM Parameter Store integration to sync secrets from Infisical to AWS SSM Parameter Store. You then instruct AWS Amplify to consume those secrets from AWS SSM Parameter Store as [environment secrets](https://docs.aws.amazon.com/amplify/latest/userguide/environment-variables.html#environment-secrets).
|
||
|
||
<Steps>
|
||
<Step title="Follow the AWS SSM Parameter Store Integration guide">
|
||
Follow the [Infisical AWS SSM Parameter Store Secret Syncs Guide](../secret-syncs/aws-parameter-store) to set up the integration. Pause once you reach the step where it asks you to select the path you would like to sync.
|
||
</Step>
|
||
<Step title="Find your Amplify App ID">
|
||
|
||
1. Open your AWS Amplify App console.
|
||
2. Go to **Actions >> View App Settings**
|
||
3. The App ID will be the last part of the App ARN field after the slash.
|
||
</Step>
|
||
<Step title="Set AWS SSM Parameter Store path">
|
||
You need to set the path in the format `/amplify/[amplify_app_id]/[your-amplify-environment-name]` as the path option in AWS SSM Parameter Infisical Integration.
|
||
</Step>
|
||
</Steps>
|
||
|
||
</Tab>
|
||
</Tabs>
|
||
|
||
<Info>
|
||
Accessing an environment secret during a build is similar to accessing
|
||
environment variables, except that environment secrets are stored in
|
||
`process.env.secrets` as a JSON string.
|
||
</Info>
|