Environment Management

Managing environment variables, secrets, and configuration across environments.

Environment Variable Sources

AWS SSM Parameter Store - Encrypted parameters
Cloudflare Secrets - Worker environment variables
GitHub Secrets - CI/CD credentials

AWS SSM Parameters

Structure

Variables stored in AWS SSM at /app-web/{environment}/. See Reference: Configuration for complete list.

Fetching Parameters

Script: scripts/fetch-ssm-params.sh

./scripts/fetch-ssm-params.sh dev .dev.vars
./scripts/fetch-ssm-params.sh staging .staging.vars
./scripts/fetch-ssm-params.sh production .prod.vars

Adding New Parameter

aws ssm put-parameter \
  --profile ref-prod \
  --name "/app-web/production/NEW_PARAM" \
  --value "param-value" \
  --type "SecureString" \
  --tags Key=Project,Value=app-web Key=Environment,Value=production

Cloudflare Secrets

Upload Secrets

Script: scripts/bulk-upload-secrets.sh

./scripts/bulk-upload-secrets.sh app-web-production .prod.vars "$CLOUDFLARE_API_TOKEN" "$CLOUDFLARE_ACCOUNT_ID"

Manual Secret Upload

echo "secret-value" | npx wrangler secret put SECRET_NAME --env production

Required Variables

See Reference: Configuration for required variables by category (auth, database, JWT, analytics).

Security Best Practices

Never commit secrets to git
Use SSM SecureString type
Rotate secrets regularly
Limit IAM permissions
Audit secret access

Last updated: October 2025

PreviousDeployment Guide NextMonitoring and Observability

Last updated 1 month ago

hashtagEnvironment Variable Sources

hashtagAWS SSM Parameters

hashtagStructure

hashtagFetching Parameters

hashtagAdding New Parameter

hashtagCloudflare Secrets

hashtagUpload Secrets

hashtagManual Secret Upload

hashtagRequired Variables

hashtagSecurity Best Practices

hashtagRelated Documentation