Configure App Environment Variables

Who this is for

Users who need to configure environment-specific settings for their app — API keys, database URLs, feature flags, or any runtime configuration value.


How App Environment Variables Work

App environment variables are passed to the Docker container as --env KEY=VALUE flags at run time. For compose apps, they are injected via a .env file or as environment: overrides in the compose configuration.

Security: Variable values are never returned by the API after creation. The app detail and the env list endpoint return only key names. Values can be overwritten but not retrieved.


How to Add or Update Environment Variables

  1. Open the app detail.
  2. Go to the Environment tab.
  3. Click Edit Variables.
  4. Add, modify, or delete key-value pairs.
  5. Click Save.

Saving performs a full replacement — all variables are replaced atomically. Variables not included in the save are deleted.


Apply Changes

After updating environment variables:

  • Container apps: Restart the container to apply. Click Restart in the app overview; otherwise the change applies on the next deploy.
  • Compose apps: Run a redeploy to apply the new env vars.

CloudAIPilot does not automatically restart the container when env vars are saved (to avoid unintended downtime). Always restart or redeploy manually after changes.


Naming Conventions

  • Keys are conventionally UPPERCASE_WITH_UNDERSCORES
  • Keys can only contain letters, numbers, and underscores
  • Values can contain any characters including spaces, URLs, and JSON

Common Variables by App Type

Node.js apps:

NODE_ENV=production
PORT=3000
DATABASE_URL=postgres://user:pass@host:5432/db
REDIS_URL=redis://localhost:6379
SECRET_KEY=...

Python/Django apps:

DJANGO_SETTINGS_MODULE=myapp.settings.prod
SECRET_KEY=...
DATABASE_URL=postgres://...
DEBUG=0

Generic:

LOG_LEVEL=info
APP_URL=https://myapp.example.com

Security Notes

  • Values are never returned by the API after creation. This prevents accidental leakage in logs or API responses.
  • Do not store highly sensitive values (private keys, HSM tokens) as plain env vars — use a secrets manager for those.
  • Env vars are visible to anyone who can run docker inspect on the server. Restrict server access to trusted users.
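
A pre-save check, as an added example (not CloudAIPilot code): because a save replaces the whole set and stored values cannot be read back, it compares the key names currently listed for the app with the set about to be saved, and flags keys that would be deleted, keys that break the naming rule, and values that look like PEM private keys. The function names, the sample data and the PEM-header heuristic are assumptions made for illustration.

```python
import re

# Key rule from this page: letters, numbers and underscores only.
KEY_RE = re.compile(r"^[A-Za-z0-9_]+$")
# PEM private-key header: a value the page says belongs in a secrets manager.
PEM_PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def parse_env_lines(text):
    """Parse KEY=VALUE lines; the value is everything after the first '='."""
    pairs = {}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        key, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(f"not a KEY=VALUE line: {raw!r}")
        pairs[key.strip()] = value
    return pairs


def review_save(current_keys, planned):
    """Report what a full-replacement save of `planned` would do."""
    return {
        "invalid_keys": sorted(k for k in planned if not KEY_RE.match(k)),
        # Keys that exist now but are missing from the save will be deleted.
        "deleted_keys": sorted(set(current_keys) - set(planned)),
        "added_keys": sorted(set(planned) - set(current_keys)),
        "private_key_values": sorted(
            k for k, v in planned.items() if PEM_PRIVATE_KEY_RE.search(v)
        ),
    }


# Constructed sample data, not taken from a real app.
CURRENT_KEYS = ["NODE_ENV", "PORT", "DATABASE_URL", "SECRET_KEY"]
PLANNED_TEXT = """\
NODE_ENV=production
PORT=3000
DATABASE_URL=postgres://user:pass@host:5432/db?sslmode=require
FEATURE-FLAGS={"beta": true}
TLS_KEY=-----BEGIN PRIVATE KEY-----
"""

if __name__ == "__main__":
    report = review_save(CURRENT_KEYS, parse_env_lines(PLANNED_TEXT))
    for name, keys in report.items():
        print(f"{name}: {keys}")
```

Only key names are needed for the current side of the comparison, which matches what the page says the app detail and env list return.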
