Web Services

Environment variables

Store configuration and secrets for your services.

Every service in Appentic has its own set of environment variables. They're injected at runtime and available via the standard mechanism for your language: process.env in Node.js, os.environ in Python, os.Getenv in Go, and so on. If your app already reads DATABASE_URL in local development, it'll read the same variable on Appentic without any code changes.

Setting variables

From your service's Environment tab, click Add variable and enter a key and value. Appentic will trigger a redeploy so the service picks up the change. Redeploys after an env-var edit are fast because the build layer is cached: only the runtime container restarts.

You can also bulk-import variables from a .env file. Paste the file contents into the bulk import dialog and Appentic will parse each KEY=value line and add them all at once, which is the fastest way to move from local dev to a first deploy.

Secrets

Values marked as secret are encrypted at rest and redacted from logs and the dashboard UI. Use secrets for API keys, database passwords, signing keys, webhook signing secrets, and anything else you wouldn't paste into a public issue.

Once a secret is saved you can rotate it but not read it back. This is intentional: if an attacker gains dashboard access, they still can't exfiltrate your secrets. If you need to see a value, keep a copy in your own password manager.

Build-time vs runtime

By default, variables are available both at build time (to your build command) and at runtime (to your running service). Most of the time that's what you want.

If you need a value at build time only (say, a private npm token for fetching packages) mark it build-only so it's excluded from the runtime environment. This keeps build secrets out of the running container where they could accidentally end up in logs or error reports.

Injected resource credentials

Resources you provision inside a project (PostgreSQL databases, key-value stores) inject their connection details into every service in the same project automatically. You never type these in by hand, and they're never stale.

For PostgreSQL you'll see DATABASE_URL, PGHOST, PGPORT, PGUSER, PGPASSWORD, PGDATABASE. For the key-value store you'll see REDIS_URL, REDIS_HOST, REDIS_PORT, REDIS_PASSWORD. See Resources for the full list and how injection works.
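A startup check a service could run to confirm the injected credentials listed above are present, that a build-only value has not reached the runtime environment, and that what it logs about its configuration carries no password. This is an added example, not Appentic code; NPM_TOKEN is an assumed name for the build-only npm token, and the function names are hypothetical.

```python
import os
from urllib.parse import urlsplit

# Variable names as listed on this page for injected resources.
POSTGRES_VARS = ["DATABASE_URL", "PGHOST", "PGPORT", "PGUSER", "PGPASSWORD", "PGDATABASE"]
REDIS_VARS = ["REDIS_URL", "REDIS_HOST", "REDIS_PORT", "REDIS_PASSWORD"]
# Assumption: the private npm token is stored as NPM_TOKEN and marked build-only.
BUILD_ONLY_VARS = ["NPM_TOKEN"]


def redact_url(url):
    """Return the URL with any embedded password replaced, safe for logs."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    hostport = parts.netloc.rpartition("@")[2]  # keeps port and IPv6 brackets
    return parts._replace(netloc=f"{parts.username or ''}:***@{hostport}").geturl()


def check_runtime_env(env, required):
    """Return (problems, loggable_summary) for a runtime environment mapping."""
    problems = [f"missing: {n}" for n in required if not env.get(n)]
    # A build-only value visible here means it was not marked build-only.
    problems += [f"build-only variable present at runtime: {n}"
                 for n in BUILD_ONLY_VARS if n in env]
    summary = {}
    for name in required:
        value = env.get(name)
        if not value:
            continue
        if name.endswith("_URL"):
            summary[name] = redact_url(value)
        elif "PASSWORD" in name:
            summary[name] = "***"
        else:
            summary[name] = value
    return problems, summary


if __name__ == "__main__":
    # Fail fast at boot instead of at the first database or cache call.
    problems, summary = check_runtime_env(os.environ, POSTGRES_VARS + REDIS_VARS)
    print("config:", summary)
    if problems:
        raise SystemExit("; ".join(problems))
```

Pass only the list for resources the project actually has; a service without a key-value store would call it with POSTGRES_VARS alone.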