Configuration
Defang allows you to configure your application using environment variables. You can set environment variables in your compose.yaml
file, or in your Pulumi program.
Sensitive Config (aka Secrets)
The Defang CLI allows you to securely store sensitive information such as API keys, passwords, and other credentials. To do so, run:
# Set a configuration value called API_KEY
defang config set API_KEY
You can use sensitive config by specifying them in the environment
section of a service in a compose.yaml
file without any value, or by specifying an environment key with a null
value in your Pulumi code.
services:
service1:
image: image1:latest
environment:
- API_KEY
You can also use this syntax:
services:
service1:
image: image1:latest
environment:
API_KEY:
Use the defang config
command of the Defang CLI to manage the values.
You can find a sample of how to set sensitive config values here.
Interpolation
Environment variables are set within the environment section of a service in a compose.yaml
file. Any variables declared here will become available within the service container.
Variables can be set by assigning a literal value, a reference to a configuration value, or a mix of literal and variable references. Variable references are declared using either ${variable_name} or $variable_name forms. It is recommended to use the bracketed form. By interpolating over variable references within a string we can construct complex strings. Interpolation may be particularly useful when constructing connection strings to other services.
service:
environment:
- USER_PASSWORD // configuration variable
- USER_NAME // configuration variable
- CONNECT=dbservice:${USER_NAME}:${USER_PASSWORD}@example.com:9876
In the example above, if we assume the value of the configuration variable USER_PASSWORD is password then the value assigned to CONNECT will resolve to dbservice:alice:password@example.com:9876
During defang compose up
all variable references will be replaced with the actual value and made available in the container. If any referenced variable is not found the defang compose up
command will be canceled.
Using Config with Pulumi
In Defang, using config with Pulumi gives you the advantage of being able to manage your environment variables across different environments using Pulumi stacks.
You can find a sample of how to set environment variables with Pulumi here.
Connecting Services
If you have created a service before a secret you can connect it by running the defang compose start
command if using the defang compose
workflow. If you are using the Pulumi-based workflow you will need to redeploy using Pulumi.
Providers
Here are the different ways sensitive config values are stored depending on the provider you are using: