My elastic beanstalk application has several environment variables that are confidential (e.g. API keys, hash secrets, etc.). I would like to configure AWS so that most developers can view and edit config, etc., but they cannot see some of these environment variables. This would be a big overhead if we had to change all this every time the developer leaves, for example.
Because of the game with permissions (at least with the help of Elastic Beanstalk), you can either have full access to the config or not see any of them - and completely removing access means that the developer canโt even perform basic something like of why the deployment failed.
I am wondering if there is another approach to environment variables that can allow me to give developers access to this configuration, but it is not clear that this is very confidential material. Can I put secret env vars in a file on the server?
Is there any other way to do this?
MDalt source share