Environment Variables & Secrets
Environment Variables & Secrets
Section titled “Environment Variables & Secrets”Microfn provides a secure way to store and access sensitive configuration values like API keys, database credentials, and other secrets. These values are encrypted at rest and only accessible to your functions at runtime.
How Secrets Work
Section titled “How Secrets Work”- Store secrets in your workspace through the dashboard or API
- Secrets are encrypted and stored securely
- At runtime, secrets are injected as environment variables with
SECRET_prefix - Access via the
@microfn/secretmodule in your functions - Never exposed in logs, error messages, or function responses
Setting Up Secrets
Section titled “Setting Up Secrets”Via Dashboard
Section titled “Via Dashboard”- Navigate to your workspace
- Go to Settings → Secrets
- Click “Add Secret”
- Enter key and value
- Click Save
Accessing Secrets in Functions
Section titled “Accessing Secrets in Functions”Using the Secret Module
Section titled “Using the Secret Module”import secret from "@microfn/secret";
export default async function main() { // Get a secret (returns undefined if not found) const apiKey = await secret.get("API_KEY");
// Get with default value const timeout = await secret.get("TIMEOUT", "5000");
// Get required secret (throws if not found) const dbUrl = await secret.getRequired("DATABASE_URL");
// Check if secret exists const hasStripeKey = await secret.has("STRIPE_KEY");
// Get all secrets with prefix const awsSecrets = await secret.getWithPrefix("AWS_");
return { configured: true };}Direct Environment Access
Section titled “Direct Environment Access”While not recommended, you can access secrets directly:
export default async function main() { // Secrets are prefixed with SECRET_ const apiKey = process.env.SECRET_API_KEY;
// Not recommended - use @microfn/secret module instead return { hasKey: !!apiKey };}Secret Naming Conventions
Section titled “Secret Naming Conventions”Use clear and descriptive names for your secrets.
Common Use Cases
Section titled “Common Use Cases”API Integration
Section titled “API Integration”import secret from "@microfn/secret";
export default async function main(input) { const apiKey = await secret.getRequired("OPENAI_API_KEY");
const response = await fetch("https://api.openai.com/v1/completions", { method: "POST", headers: { "Authorization": `Bearer ${apiKey}`, "Content-Type": "application/json" }, body: JSON.stringify({ model: "gpt-3.5-turbo", messages: [{ role: "user", content: input.prompt }] }) });
return await response.json();}Database Connection
Section titled “Database Connection”import secret from "@microfn/secret";import { createConnection } from 'mysql2/promise';
export default async function main(input) { // Build connection string from secrets const connection = await createConnection({ host: await secret.getRequired("DB_HOST"), port: parseInt(await secret.get("DB_PORT", "3306")), user: await secret.getRequired("DB_USER"), password: await secret.getRequired("DB_PASSWORD"), database: await secret.getRequired("DB_NAME") });
const [rows] = await connection.execute( 'SELECT * FROM users WHERE id = ?', [input.userId] );
await connection.end();
return { user: rows[0] };}