Secrets and Environment Variables
We recommend using secrets to securely manage your application's secrets and environment variables in DBOS Cloud. Secrets are key-value pairs that are securely stored in DBOS Cloud and made available to your application as environment variables.
Managing and Using Secrets
You can create or update a secret using the Cloud CLI:
dbos-cloud app secrets create -s <secret-name> -v <secret-value>
For example, to create a secret named API_KEY with value abc123, run:
dbos-cloud app secrets create -s API_KEY -v abc123
When you next redeploy your application, its environment will be updated to contain the API_KEY environment variable with value abc123.
You can access it like any other environment variable:
- Python
- Typescript
key = os.environ['API_KEY'] # Value is abc123
const key = process.env.API_KEY; // Value is abc123
Additionally, you can manage your application's secrets from the secrets page of the cloud console.
Importing Secrets
You can import the contents of a .env file as secrets.
Allowed syntax for the .env file is described here. Note that interpolation is supported but command substitution and encryption are currently not.
Import a .env file with the following command:
dbos-cloud app secrets import -d <path-to-dotenv-file>
For example:
dbos-cloud app secrets import -d .env
Listing Secrets
You can list the names of your application's secrets with:
dbos-cloud app secrets list