Manage Environment Variables
This guide covers how to add, update, and manage environment variables for services deployed on Clank. Environment variables let you pass configuration to your application at runtime — database URLs, API keys, feature flags, and anything else your app reads from the environment.
How environment variables work in Clank
Section titled “How environment variables work in Clank”Environment variables are configured per service. When a deployment runs, Clank snapshots the current set of variables and injects them into the container. The application sees them as standard environment variables (accessible via process.env in Node.js, os.environ in Python, etc.).
Adding environment variables
Section titled “Adding environment variables”From the dashboard
Section titled “From the dashboard”- Open the service in the dashboard.
- Go to the Environment tab.
- Click Add Variable.
- Enter a key (e.g.,
DATABASE_URL) and a value. - Choose whether the variable is a secret (see below).
- Click Save.
Bulk create
Section titled “Bulk create”To add multiple variables at once, click Bulk Add in the Environment tab. Paste your variables in KEY=value format, one per line:
DATABASE_URL=postgres://user:pass@db:5432/myappREDIS_URL=redis://redis:6379/0LOG_LEVEL=infoClank parses each line and creates the variables. Lines starting with # are ignored.
From the API
Section titled “From the API”You can also manage environment variables through the REST API. See the API reference for the POST /api/services/{service_id}/env-vars and related endpoints.
Secrets vs. non-secret variables
Section titled “Secrets vs. non-secret variables”Every variable has an is_secret flag that controls how it is stored and displayed.
| Non-secret | Secret | |
|---|---|---|
| Storage | Stored in the database | Encrypted at rest with Fernet |
| Dashboard display | Value shown in full | Value shown as ******** |
| Reveal | Always visible | Requires explicit click to reveal (rate-limited) |
| Injected at runtime | Yes, as a plain environment variable | Yes, as a plain environment variable |
Both types are injected identically into the container at deploy time. The distinction only affects how the value is stored and displayed in the dashboard and API responses.
Editing and deleting variables
Section titled “Editing and deleting variables”To edit a variable, click the edit icon next to it in the Environment tab, change the key or value, and save. To delete, click the delete icon and confirm.
Remember: changes take effect only after a new deployment.
Revealing secrets
Section titled “Revealing secrets”Secret values are redacted in the dashboard and API responses by default. To view a secret value:
- Click the reveal icon next to the redacted value.
- The value is shown temporarily.
Reveal requests are rate-limited to prevent abuse. If you need to reference a secret frequently, consider storing it in a local password manager as well.
Common patterns
Section titled “Common patterns”Database connection strings:
DATABASE_URL=postgres://user:password@db-host:5432/mydbMark as secret since it contains credentials.
Feature flags:
ENABLE_SIGNUPS=trueMAINTENANCE_MODE=falseNon-secret. Safe to leave visible.
Third-party API keys:
STRIPE_SECRET_KEY=sk_live_...SENDGRID_API_KEY=SG...Mark as secret.
Next steps
Section titled “Next steps”- Set Up a Custom Domain — point your own domain at a deployed service
- Troubleshoot Deployment Failures — diagnose common deployment problems