Sometimes there are “secret” values or other data that you want to be made available to a Preview, but you don’t want to commit that data to git, and for security reasons, you don’t want to host it somewhere that Tugboat can grab it. These secret values usually include things like API keys to 3rd party services, or values used to encrypt session cookies that need to be unique to Tugboat but shared between your Previews.
Tugboat provides a convenient way of injecting these values into a Preview’s services via custom environment variables. These variables can be found on the Repository Settings page.
Like the other environment variables that Tugboat provides, the variables entered here are available to your Previews both while they are building as well as while they are running.
When you’re working with custom environment variables in Tugboat, you may want to:
For security reasons, you may want to limit the scope of environment variables containing sensitive data to only be available when they are needed. By default, Tugboat’s custom environment variables are always available, but you can define specific times in the build process for these variables to be available.
You can specify scope for environment variable availability in a few ways:
When you go to add or edit a custom environment variable from the Repository Settings screen, you’ll see checkboxes where you can specify the envvar scope.
You can specify
Run-Time Variable, both, or neither.
If you use the Tugboat CLI, you can specify the environment variable availability using arguments on
id=repository_id. The Tugboat CLI takes
runvars arguments for global, build time, and
Global environment variable example:
tugboat update [repository_id] envvars=foo=bar,key=value
Build-time-scoped environment variable example:
tugboat update [repository_id] buildvars=foo=bar,key=value
Runtime-scoped environment variable example:
tugboat update [repository_id] runvars=foo=bar,key=value
If you’re using the API, you can pass an environment variable array, including scope, via the Create a Repository POST or the Update a Repository PATCH endpoints.
Environment variables are good at storing simple string values. However, what if you need to store something more complex, like an encoded JSON string, or the contents of an arbitrary file? One way of accomplishing that is to base64 encode the value, and then decode the value with a configuration file command.
$ cat file | base64 Q2h1Z2dhIENodWdnYSBUdWdib2F0IQo=
Store that value into an environment variable. Then, extract it to a file you can use in your Preview with something like the following:
echo $VAR | base64 -D > /tmp/file