I think yes, and I've seen someone doing this. Do it first thing in the code (before the dependencies are loaded) and make sure subsequent invocations of the same Lambda instance do not depend on it anymore. A bit hacky but sounds like it should work!
For further actions, you may consider blocking this person and/or reporting abuse
Where hackers, sticks, weekend warriors, pros, architects and wannabes come together
What if the entrypoint script modifies
process.env, clearing the secret?Does it stop the attack?
I think yes, and I've seen someone doing this. Do it first thing in the code (before the dependencies are loaded) and make sure subsequent invocations of the same Lambda instance do not depend on it anymore. A bit hacky but sounds like it should work!