Environment Variable & Secrets
Qovery makes Environment Variables available to your services at runtime, as well as during builds and deploys.
If your projects and applications rely on sensitive data like credentials, API keys, certificates, Qovery offers you a way to store them as a Secret. Secrets are special environment variable safely encrypted, and their values can not be retrieved via Qovery API - they are only accessible for your application during build and runtime.
Qovery automatically generates for you some special environment variable (called BUILT_IN) which allows you to setup your service interconnection. See the BUILT_IN Section section.
Environment Variable definition
Qovery supports two types of environment variables:
- Variable: classic key/value pairs where the
valuecan be retrieved at build and run time by using itsname(key). - Variable as File: key/value/path triplets where the
valuewill be stored as a file on the specifiedpath. Your application can then retrieve thepathof the file at run time by using the variablename(key). Only text files are supported.
For each environment variable, you can also define:
- A scope: the accessibility level of this variable: application, environment, project (see scopes section below)
- A secret flag: it determines if the variable value needs to be encrypted and should be accessed ONLY by your applications (no access via the API/UI)
Scopes
There are three scopes for the Environment Variables:
| Scope | Level | Description |
|---|---|---|
| PROJECT | 1 | Variables at the project level are shared across all environments and all applications of the project |
| ENVIRONMENT | 2 | Variables at the environment level are shared across all applications of the project in one, given environment |
| APPLICATION | 3 | Variables available for one application in one environment |
BUILT_IN variables
Qovery automatically generates some variables (called BUILT_IN) which allow you to easily configure your service interconnection or to access some of the environment/application information.
By default, every environment contains the following BUILT_IN variables:
| Name | Description |
|---|---|
| QOVERY_PROJECT_ID | Current project ID |
| QOVERY_ENVIRONMENT_ID | Current environment ID |
| QOVERY_APPLICATION_ID | Current service ID (for application with source = git repository) |
| QOVERY_CONTAINER_ID | Current service ID (for application with source = container registry) |
| QOVERY_JOB_ID | Current service ID (for lifecycle job and cronjob) |
| QOVERY_CLOUD_PROVIDER_REGION | Cloud provider region of the Kubernetes cluster running this environment |
| QOVERY_KUBERNETES_NAMESPACE_NAME | Namespace used in Kubernetes to run the application of this environment |
| QOVERY_KUBERNETES_CLUSTER_NAME | Name of the Kubernetes cluster running this environment |
For any service within your environment (database, application, job), your application get access to a set of BUILT_IN variables. These can be used, to configure the interconnection between your services.
Naming Convention:
We use the following naming convention for additional built-in variables:
QOVERY_<SERVICE_TYPE>_<SERVICE_ID>_<SPEC>
For more information on how to use the BUILT_IN environment variables to:
- connect to a database, have a look at this section.
- connect to another service, have a look at this section.
Aliases and overrides
For a given environment variable, you can create aliases and overrides:
- Alias: it defines an alias for the environment variable. You can access its value by its original name or by its alias name.
- Override: it overrides the value of the environment variable. Example: you have an environment variable with scope = project having a particular value but you want to define a special value only for one environment. Instead of creating a separate environment variable only for that project, you can create an override of that variable within the environment requiring the special value.
Variables Interpolation
You can define an environment variable as a composition of text and other environment variables value (environment variables interpolation). For example, you can define your APP_URL environment variable as a composition of your HOST_URL and HOST_PORT in this way:
- Name = APP_URL
- Value =
https://{{HOST_URL}}:{{HOST_PORT}}
Important information on this feature:
- the pattern used is
{{VAR_NAME}} - if a referenced variable doesn't exist, it is replaced by an empty string
- composition coherency using built in variables is kept when cloning an environment. Example: you can create a variable APP_URL = https://{{QOVERY_APPLICATION_ZEC0A2975_HOST_INTERNAL}} and when the environment is cloned, the "ZEC0A2975" is replaced with the right ID.
- there is no check at creation / edition / deletion if the referenced variable doesn't exist
- "inner replacements" are not supported (e.g VAR_1 = {{VAR_2}} and VAR_2={{VAR_3}} )
Naming Rules
- Environment variable name should use only alphanumeric characters and the underscore character (_) to ensure they are accessible from all programming languages. Environment variable keys should not include the hyphen character.
- Environment variable name should not begin with a double underscore (__).
- An environment variable’s name should not begin with QOVERY_ unless it is set by the Qovery platform itself.
Create an Environment Variable
Navigate to Console
Select your project, environment and application
Select
Environment Variablestab in the left panel and clickNew Variablebutton. Select if you want to create a classic environment variable or an environment variable as file.
Select the name, value and scope of your new environment variable
If the variable you are trying to create is a Variable as File, define the
Pathwhere the file should be stored. Remember that in this case theValuefield should contain the content of your file. If the variable you are trying to create is a Secret, select theSecretcheckbox.
Delete an Environment Variable
Navigate to Console
Select your project, environment and application
Select the
Environment Variablestab in the left panelSelect variable you want to delete and click the
Deletebutton from the submenu:
Update an Environment Variable
Navigate to Console
Select your project, environment and application
Select the
Environment Variablestab in the left panelSelect variable you want to update and click the
Editbutton from the submenu:
Update the variable in the popup window
Note: if the variable is a Secret, you won't be able to see its value
Override Environment Variable
If you want to override a value of an environment variable, follow those steps:
Navigate to Console
Select your project, environment and application
Select the
Environment Variablestab in the left panelSelect variable you want to override and click the
Overridebutton from the submenuSelect the override the variable and its scope in the popup window
Alias Environment Variable
You can create an alias for the existing environment variable.
Let's suppose that your application requires a DATABASE_URL variable. Qovery provides your application with the QOVERY_DATABASE_MY_POSTGRESQL_3498225_URL variable with a database password.
Instead of copy-pasting its value, you can create an alias to QOVERY_DATABASE_MY_POSTGRESQL_3498225_URL.
Navigate to Console
Select your project, environment and application
Select the
Environment Variablestab in the left panelSelect variable you want to alias and click the
Aliasbutton from the submenu:Define the alias of the variable and its scope in the popup window
Import environment variables
You can add a set of environment variables into Qovery by importing an .env file. The .env file contains a list of your environment variables, in a MY_KEY = VALUE format.
To import environment variables into your Qovery environment, follow the steps below.
On an application page, click on the
Environment variabletabs >Importbutton.
Drag & Drop the
.envfile into the modal, or click on the interface to open the file explorer.The file is loaded and a new modal is displayed, where you can configure the import of your variables.
Overwrites variables
When this option is enabled, if an existing variable and an imported variable share the same name, the existing value will be overwritten by the imported one. If the option is disabled, the imported value will be ignored. However, to avoid conflicts in the architecture of your environment variables, some of them will intentionally not be imported. To understand how we handle conflicts, please take a look to the Importation conflicts section.
Configure variables import
On this modal, you can define for each variable the following parameters:
- name: upate variable name
- Value: update variable value
- Scope: Specify the scope in which you want to import the variable
- Secret: Specify if this value is considered as a secret or not
Preset variables
To help you import a large number of variables quickly, you can predefine scope and secret settings. This will change the scope and secret value of all listed variables. If the secret and scope of one or more specific variables are subsequently updated, this will not change the predefined setting.
When you have finished the configuration, click on the
Importbutton.A pop-up message is displayed to inform you that your environment variables have been imported.
Importation conflicts
To avoid conflicts between already existing and imported environment variables, some of them will not be imported, even if the overwrite option is activated. The different cases are described below.
Imported variable has same name as BUILT_IN variable
| Type | Name | Value | Scope |
|---|---|---|---|
| Existing variables | |||
| VALUE | MY_VAR | 42 | Built_in |
| Variables to import | |||
| VALUE | MY_VAR | 10 | Application |
Built_in environment variables are generated and managed by Qovery and will not be overwritten, even if the overwriting option is activated.
Imported variable has same name as an existing ALIAS
| Type | Name | Value | Scope |
|---|---|---|---|
| Existing variables | |||
| VALUE | MY_VAR | 42 | Environment |
| ALIAS | MY_VAR_ALIAS | MY_VAR | Application |
| Variables to import | |||
| VALUE | MY_VAR_ALIAS | 10 | Application |
The value cannot be rewritten because the link between the original variable and the alias would be lost.
Imported variable has same name as an existing secret (or vice versa)
| Type | Name | Value | Scope | Secret |
|---|---|---|---|---|
| Existing variables | ||||
| VALUE | MY_VAR | 1 | Application | Ye |
| Variables to import | ||||
| VALUE | MY_VAR | 2 | Application | No |
The value cannot be imported because this will overwrite the existing secret.
Overwriting and limitations
Some overwriting cases are not supported for now. They are summarized in the following table.
| Existing variable scope | Imported variable scope | Supported |
|---|---|---|
| PROJECT | PROJECT / ENVIRONMENT / APPLICATION | YES |
| ENVIRONMENT | PROJECT | NO |
| ENVIRONMENT | ENVIRONMENT / APPLICATION | YES |
| APPLICATION | PROJECT / ENVIRONMENT | NO |
| APPLICATION | APPLICATION | YES |
Service interconnection
Connecting to a database
To access a database managed by Qovery from your application, you can use the BUILT_IN environment variables and secrets that have been automatically created by Qovery during the database creation process. You can find all the BUILT_IN variables on the Qovery console within the Environment Variable section of your application (see the credentials and connectivity section for the full list).
In order to match the naming convention of the database connection variables used within your code, you can create an alias for each variable in the Qovery console so that you don't need to change your code.
Once you have defined an alias for each variable, you can redeploy the application and check that it has finally access to the database.
Example
You have created a postgres database on the Qovery console. Within the code of your application you need some environment variables containing the connection parameters of the database: DATABASE_URL, DATABASE_USER, DATABASE_PASSWORD, DATABASE_PORT, DATABASE_NAME
DB_NAME = os.getenv("DATABASE_NAME", "nemo")DB_USER = os.getenv("DATABASE_USER", "nemo")DB_PASSWORD = os.getenv("DATABASE_PASSWORD", "password")DB_HOST = os.getenv("DATABASE_HOST", "localhost")DB_PORT = os.getenv("DATABASE_PORT", "5432")
To match your internal naming convention, you can create aliases for each of the corresponding variables in this way:
Connecting to another application
To access another application managed by Qovery, you can use the BUILT_IN environment variables that have been automatically created by Qovery during the creation of that particular application. You can find all the BUILT_IN variables on the Qovery console within the Environment Variable section of your application.
Please note that two BUILT_IN might exist:
QOVERY_APPLICATION_<APPID>_HOST_INTERNAL: it contains the INTERNAL host of the application that can be used inside your Kubernetes cluster (and thus by any application running on it)QOVERY_APPLICATION_<APPID>_HOST_EXTERNAL: it contains the EXTERNAL host of the application that can be used to reach your application from outside your Kubernetes cluster (if the application is publicly exposing one of its ports)
In order to match the naming convention of the connection variables used within your code, you can create an alias for the HOST_INTERNAL variable so that you don't need to change your code.
Once you have defined an alias for each variable, you can redeploy the application and check that it can reach the other application.
Example
You have created a backend application on the Qovery console and a BUILD_IN variable has been created containing the application HOST called QOVERY_APPLICATION_Z9D8DAA08_HOST_INTERNAL. Within the code of your front-end application you need some environment variables containing the host of the backend application (BACKEND_HOST)
To match your internal naming convention, you can create alias for the corresponding variable in this way:
