# Environment Variables Setup

This project uses AWS Secrets Manager to manage environment variables securely.

## Prerequisites

1. **AWS CLI installed**: Download and install from [AWS CLI documentation](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)

2. **AWS SSO Profile**: Make sure the `portal1` profile is configured in your AWS config

3. **Access to the secret**: Ensure your AWS account has permission to read the `design-system/env` secret in AWS Secrets Manager

## Fetching Environment Variables

Run the following command to fetch all environment variables from AWS Secrets Manager and create a local `.env` file:

```bash
yarn fetch-env
```

This command will:
- Check if your AWS credentials are valid
- Automatically refresh expired SSO tokens using `ssocreds`
- Connect to AWS Secrets Manager using the `portal1` profile
- Fetch the secret named `design-system/env` from `us-east-1`
- Create a `.env` file in the project root with all the environment variables

## Automatic SSO Token Management

The script includes automatic handling of AWS SSO tokens:
- If your SSO token has expired, it will automatically attempt to refresh it using `ssocreds`
- If `ssocreds` is not installed, it will attempt to install it globally
- If automatic refresh fails, it will provide manual instructions

## Troubleshooting

### AWS CLI not found
If you get an error about AWS CLI not being found, install it following the [official guide](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).

### `portal1` profile not found
If you get an error about the `portal1` profile not being found, configure it by running:
```bash
aws configure sso --profile portal1
```

### Access denied
If you get an access denied error, contact your AWS administrator to grant you read access to the `design-system/env` secret.

## Security Notes

- The `.env` file is automatically ignored by git (included in `.gitignore`)
- Never commit the `.env` file to version control
- Environment variables are stored securely in AWS Secrets Manager
- Access to secrets is managed through AWS IAM policies

## Adding/Updating Environment Variables

To add or update environment variables:
1. Update the `design-system/env` secret in AWS Secrets Manager (via AWS Console or CLI)
2. Run `yarn fetch-env` to fetch the updated variables

## Example Secret Format in AWS

The secret in AWS Secrets Manager should be stored as a JSON object:

```json
{
  "API_KEY": "your-api-key",
  "DATABASE_URL": "your-database-url",
  "FIGMA_TOKEN": "your-figma-token"
}
```
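
One way to turn a secret of this shape into `.env` text, as an added example (not the project's `fetch-env` script). The function names, the key and quoting rules, and the `0600` file mode are assumptions; the sample secret is constructed.

```javascript
// Added example, not the project's fetch-env script. Function names, the key
// rule and the 0600 file mode are assumptions made for this illustration.
const fs = require("node:fs");

const KEY_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;    // conventional env-var names only
const PLAIN_RE = /^[A-Za-z0-9_.:\/@%+=,-]*$/; // values that are safe unquoted

// Turn the SecretString JSON into .env text, refusing anything that could
// change the meaning of another line in the file.
function secretToDotenv(secretString) {
  const secret = JSON.parse(secretString);
  if (secret === null || typeof secret !== "object" || Array.isArray(secret)) {
    throw new TypeError("secret must be a flat JSON object");
  }
  const lines = [];
  for (const [key, value] of Object.entries(secret)) {
    if (!KEY_RE.test(key)) throw new Error(`invalid variable name: ${JSON.stringify(key)}`);
    if (typeof value !== "string") throw new Error(`${key}: value must be a string`);
    // A raw line break in a value would start a new KEY=VALUE line.
    if (/[\r\n]/.test(value)) throw new Error(`${key}: value contains a line break`);
    if (PLAIN_RE.test(value)) {
      lines.push(`${key}=${value}`);
    } else if (!value.includes("'")) {
      // Assumption: the .env consumer treats single-quoted values literally.
      lines.push(`${key}='${value}'`);
    } else {
      throw new Error(`${key}: value cannot be quoted safely`);
    }
  }
  return lines.join("\n") + "\n";
}

// Write the file so only the current user can read it. The mode option only
// applies when the file is created, so chmod covers a pre-existing .env.
function writeDotenv(path, content) {
  fs.writeFileSync(path, content, { mode: 0o600 });
  fs.chmodSync(path, 0o600);
}

// Constructed sample mirroring the secret format above (placeholder values).
const SAMPLE_SECRET = JSON.stringify({
  API_KEY: "your-api-key",
  DATABASE_URL: "postgres://user:p@ss word@db.example.test/app",
  FIGMA_TOKEN: "your-figma-token",
});
```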