This page describes how to configure environment variables for your Cloud Run service.
You can use environment variables for service configuration, but we don't recommend them as a way to store secrets such as database credentials or API keys. Sensitive values should be stored outside both your source code and outside environment variables. For storing secrets, we recommend that you use Secret Manager. To configure services for accessing secrets stored in Secret Manager, see Configure secrets.
Any configuration change leads to the creation of a new revision. Subsequent revisions will also automatically get this configuration setting unless you make explicit updates to change it.
Required rolesTo get the permissions that you need to configure and deploy Cloud Run services, ask your administrator to grant you the following IAM roles:
roles/run.developer) on the Cloud Run serviceroles/iam.serviceAccountUser) on the service identityFor a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run service interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.
Warning: If your Cloud Run service uses service identity to authenticate access to Google Cloud APIs, never setGOOGLE_APPLICATION_CREDENTIALS as an environment variable on a Cloud Run service. Always configure a user-managed service account instead. Maximum number of environment variables and limits
You can set a maximum of 1000 environment variables for a Cloud Run service.
The maximum variable length is 32 Kb.
Set environment variablesYou can set environment variables for new and existing services. Note that the --set-env-vars flag is a destructive action that deletes previously set environment variables not included in the new list of environment variables.
Environment variables are bound to a specific service revision and are not visible to other services in your Google Cloud project.
You can set environment variables using the Google Cloud console, the gcloud CLI, or a YAML file when you create a new service or deploy a new revision:
ConsoleIn the Google Cloud console, go to Cloud Run:
Select Services from the menu, and click Deploy container to configure a new service. If you are configuring an existing service, click the service, then click Edit and deploy new revision.
If you are configuring a new service, fill out the initial service settings page, then click Container(s), Volumes, Networking, Security to expand the service configuration page.
Click the Container tab.
Click Create or Deploy.
gcloud run deploy, and have the required roles granted to you.
To specify environment variables when you deploy your service, use the --set-env-vars flag:
gcloud run deploy SERVICE --image IMAGE_URL --set-env-vars KEY1=VALUE1,KEY2=VALUE2
Replace the following:
us-docker.pkg.dev/cloudrun/container/hello:latest. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL follows the format of LOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG .For more information on how to set multiple environment variables or escape special characters, see Set multiple environment variables.
YAMLIf you are creating a new service, skip this step. If you are updating an existing service, download its YAML configuration:
gcloud run services describe SERVICE --format export > service.yaml
Update the name and value attributes under the env attribute under containers::
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: SERVICE
spec:
template:
metadata:
name: REVISION
spec:
containers:
- image: IMAGE
env:
- name: KEY-1
value: VALUE-1
- name: KEY-N
value: VALUE-N
Replace the following:
us-docker.pkg.dev/cloudrun/container/hello:latest. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL follows the format of LOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG .SERVICE---Create or update the service using the following command:
gcloud run services replace service.yaml
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
Add the following to agoogle_cloud_run_v2_service resource in your Terraform configuration:
The preceding google_cloud_run_v2_service resource specifies sets the foo environment variable to bar, and the baz environment variable to quux. Update the environment variables as necessary.
You can use the ENV statement in a Dockerfile to set default values for environment variables:
ENV KEY1=VALUE1,KEY2=VALUE2Order of precedence: container versus service variables
If you set a default environment variable in the container and also set an environment variable with the same name on the Cloud Run service, the value set on the service takes precedence.
Set multiple environment variablesYou can set multiple environment variables by using the .env file or the --set-env-vars flag.
.env file
Preview — Set multiple environment variables using the .env file
This feature is subject to the "Pre-GA Offerings Terms" in the General Service Terms section of the Service Specific Terms. Pre-GA features are available "as is" and might have limited support. For more information, see the launch stage descriptions.
ConsoleIn the Google Cloud console, go to Cloud Run:
Select Services from the menu, and click Deploy container to configure a new service. If you are configuring an existing service, click the service, then click Edit and deploy new revision.
If you are configuring a new service, fill out the initial service settings page, then click Container(s), Volumes, Networking, Security to expand the service configuration page.
Click the Container tab.
.env file into the Name field. Cloud Run automatically populates the Value field, and creates new variables for each key-value pair you define in the .env file.Click Create or Deploy.
To specify multiple environment variables from the .env file, run the following command:
gcloud beta run deploy SERVICE --image=IMAGE_URL --env-vars-file=ENV_FILE_PATH
Replace the following:
us-docker.pkg.dev/cloudrun/container/hello:latest. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL follows the format of LOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG ..env file.--set-env-vars flag
If you have multiple environment variables that cannot be listed in
KEY1=VALUE1,KEY2=VALUE2
format, you can repeat the
--set-env-vars
flag multiple times:
[...] --set-env-vars "KEY1=VALUE1" \ --set-env-vars "KEY2=VALUE2" \ --set-env-vars "KEY3=VALUE3"Escape comma characters
Because the comma character
,
is used to split environment variables, if your environment variable contains comma characters as values, you need to
escapethose delimiters by specifying a different delimiter character, for example,
@
:
--set-env-vars "^@^KEY1=value1,value2,value3@KEY2=..."Update environment variables
You can update environment variables for existing services. This is a non-destructive approach that changes or adds environment variables, but doesn't delete previously set environment variables.
ConsoleTo update environment variables using the Google Cloud console:
In the Google Cloud console, go to Cloud Run:
Select your service from the list, and click Edit and deploy new revision.
Click the Container tab.
In the Variables and secrets tab, edit the Name or Value fields, and click Done.
Click Deploy.
gcloud run deploy, and have the required roles granted to you.
To update environment variables of an existing service, use the --update-env-vars flag:
gcloud run services update SERVICE --update-env-vars KEY1=VALUE1,KEY2=VALUE2
Replace the following:
To update environment variables of an existing multi-region service, use the gcloud beta run multi-region-services update command.
To view the current environment variables settings for your Cloud Run service:
ConsoleIn the Google Cloud console, go to Cloud Run:
Click the service you are interested in to open the Service details page.
Click the Revisions tab.
In the details panel at the right, the environment variables setting is listed under the Container tab.
Use the following command:
gcloud run services describe SERVICE
Locate the environment variables setting in the returned configuration.
You can delete environment variables for existing services.
ConsoleTo delete environment variables using the Google Cloud console:
In the Google Cloud console, go to Cloud Run:
Select your service from the list, and click Edit and deploy new revision.
Click the Container tab.
In the Variables and secrets tab, move your cursor to the left of the Value field of the environment variable you are removing, to display the delete Delete icon, and click it.
Click Done.
Click Deploy.
gcloud run deploy, and have the required roles granted to you.
To selectively remove environment variables of an existing service,use the --remove-env-vars flag:
gcloud run services update SERVICE --remove-env-vars KEY1,KEY2
Replace the following:
Alternatively, clear all previously set environment variables with the --clear-env-vars flag:
gcloud run services update SERVICE --clear-env-vars
Replace SERVICE with the name of your service.
Best practicesThe following section highlights some of the best practices for configuring environment variables.
Reserved environment variables for servicesThe environment variables defined in the container runtime contract are reserved and cannot be set. In particular, the PORT environment variable is injected inside your container by Cloud Run. You shouldn't set it yourself.
Cloud Run sets the following runtime environment variables automatically when deploying functions:
FUNCTION_TARGET: The function to be executed.FUNCTION_SIGNATURE_TYPE: The type of the function: http for HTTP functions, and event for event-driven functions.Some additional environment variables are automatically set depending on the runtime your function uses. These are based on the runtime's operating system, for example, DEBIAN_FRONTEND, SHLVL, or PATH and the language runtime for example, NODE_ENV, VIRTUAL_ENV, or GOPATH.
Environment variables that are provided by the environment, other than the ones that are set automatically, might change in future runtime versions. As a best practice, we recommend that you don't depend on or modify any environment variables that you haven't set explicitly.
Modifying environment variables that are provided by the environment might lead to unpredictable outcomes. Attempts to modify such environment variables could be blocked or, worse, lead to unintended consequences such as functions that cannot start. As a best practice, consider prefixing any environment variables with a unique key to avoid conflicts.
Invalid environment variablesYou can't use the following environment variables:
Key Description Empty ('') Keys can't be an empty string.= Keys can't contain the '=' character. X_GOOGLE_ Keys can't contain the prefix X_GOOGLE_. Sample code
For code sample that show how to access environment variables in your code, refer to Handling sensitive configuration with Secret Manager in the End user authentication tutorial.
What's nextYou can use environment variables to set buildpacks configuration. For language-specific details, see the buildpacks documentation for:
If you are deploying from source and need to customize variables at build time, see Set build environment variables.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4