Secure your Environment Variables
You can get variables directly from AWS Parameter Store using the gothic.SSMParam(...) builder, which resolves the parameter at deploy time so the secret never lives in your config. If the parameter holds a JSON blob, chain .Get("jsonKey") to pull a single field. Set it under any stage's ENV as shown below.
Stages: map[string]gothic.Stage{
"dev": {
ENV: map[string]gothic.EnvValue{
"MyEnvVar1": gothic.SSMParam("/gothicframework/dev/my-env-var-1"),
},
},
"qa": {
ENV: map[string]gothic.EnvValue{
"MyEnvVar1": gothic.SSMParam("/gothicframework/qa/my-env-var-1"),
},
},
"prod": {
ENV: map[string]gothic.EnvValue{
"MyEnvVar1": gothic.SSMParam("/gothicframework/prod/my-env-var-1"),
},
},
},Did you like this session of how to deploy your app with secure environment variables per stage? Check out how to keep secrets in AWS Secrets Manager next!
