AWS OpsWorks now allows users to define environment variables per application. Instead of creating a custom recipe and managing environment variables as Chef attributes, you define the environment variables on each app and OpsWorks takes care of securely storing and sending the environment variables from your OpsWorks app definition to your instances and adding them to the application server context. All you have to do is reference the environment variables in your application’s code using the methods defined in the Java, Ruby, PHP, and Node.js application servers. The environment variables are passed to the application server during instance setup and can be updated on each application deployment. Environment variables can also be defined as protected values, so that they cannot be read by OpsWorks users. For example, a user can set separate environment variables for database endpoint, username, and password. The password environment variable can be defined as a protected value, so it cannot be viewed in the console, SDK or CLI and is only made available to the defined application.
For more information, see the blog.