.env

Sensitive secrets and tokens should never be checked into your code repository or submitted as part of your app package. In order to protect your secrets, you can use an optional .env file that should not be committed into your code repository (add to .gitignore, for example). If your app does not require global sensitive data, you do not have to include this file.

Add your secrets to the .env file in the root of your app in the following format:

APP_ENV_GLOBAL_SECRET=12345a83hd8blk34jsao2983hlaksd8
APP_ENV_CLIENT_ID=JEdi2hf8vH

🚧

Important

All app environment variables MUST start with APP_ENV_

Then add the same environment variable names to your app.yml under environment:

environment:
  - APP_ENV_GLOBAL_SECRET
  - APP_ENV_CLIENT_ID

This indicates these environment variables are required for your app to run so when you upload your app, the OCP CLI will ensure you included the values in your .env file before uploading the app.

When you upload an app, the OCP CLI reads the environment variable values and uploads them separately and securely to OCP. These values are tied to the current app version you are uploading. After publishing your app, if you want to update the values, you need to prepare a new version of your app with an updated .env file.

If you want to prepare a new version of your app, but do not have access to the correct .env values, you can re-use the previous AppVersion's .env file with: ocp app prepare --use-previous-app-env-values ...

You can access these variables using process.env.APP_ENV_<name>.

Zone Specific .env

In addition to supplying a .env file, developers can provide a .env.\<availablity\> file (for example .env.eu.) These files are processed in the order of .env -> .env.\<availablity\> for value overriding.

Any application using all is not permitted to use an availability specific .env file.