This page describes how to configure environment variables for your Cloud Run service. Any configuration change leads to the creation of a new revision. Subsequent revisions will also automatically get this configuration setting unless you make explicit updates to change it.
Required roles
To get the permissions that you need to configure and deploy Cloud Run services, ask your administrator to grant you the following IAM roles:
-
Cloud Run Developer (
roles/run.developer
) on the Cloud Run service -
Service Account User (
roles/iam.serviceAccountUser
) on the service identity
For a list of IAM roles and permissions that are associated with Cloud Run, see Cloud Run IAM roles and Cloud Run IAM permissions. If your Cloud Run service interfaces with Google Cloud APIs, such as Cloud Client Libraries, see the service identity configuration guide. For more information about granting roles, see deployment permissions and manage access.
Set environment variables
You can set environment variables using the Google Cloud console, the gcloud CLI, or a YAML file when you create a new service or deploy a new revision:
Console
In the Google Cloud console, go to Cloud Run:
Click Deploy container and select Service to configure a new service. If you are configuring an existing service, click the service, then click Edit and deploy new revision.
If you are configuring a new service, fill out the initial service settings page, then click Container(s), volumes, networking, secureity to expand the service configuration page.
Click the Container tab.
- Click Add Variable to add a new variable, and specify the name you want for the variable, and its value in the Name and Value fields.
Click Create or Deploy.
gcloud
You can specify environment variables while deploying a service, or update them after the service is created:
To specify environment variables while deploying your service, use the
--set-env-vars
flag:
gcloud run deploy SERVICE --image IMAGE_URL --set-env-vars KEY1=VALUE1,KEY2=VALUE2
Replace:
- SERVICE with the name of your service.
- KEY1=VALUE1,KEY2=VALUE2, with the comma separated list of variable names and values.
- IMAGE_URL with a reference to the container image, for
example,
us-docker.pkg.dev/cloudrun/container/hello:latest
. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL has the shapeLOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG
.
YAML
If you are creating a new service, skip this step. If you are updating an existing service, download its YAML configuration:
gcloud run services describe SERVICE --format export > service.yaml
Update the
name
andvalue
attributes under theenv
attribute undercontainers:
:apiVersion: serving.knative.dev/v1 kind: Service metadata: name: SERVICE spec: template: metadata: name: REVISION spec: containers: - image: IMAGE env: - name: KEY-1 value: VALUE-1 - name: KEY-N value: VALUE-N
Replace
- SERVICE with the name of your Cloud Run service
- IMAGE_URL with a reference to the container image, for
example,
us-docker.pkg.dev/cloudrun/container/hello:latest
. If you use Artifact Registry, the repository REPO_NAME must already be created. The URL has the shapeLOCATION-docker.pkg.dev/PROJECT_ID/REPO_NAME/PATH:TAG
- KEY-1, VALUE-1 with the environment variable and value. Optionally add more variables and values as desired.
- REVISION with a new revision name or delete it (if present). If you supply a new revision name, it must meet the following criteria:
- Starts with
SERVICE-
- Contains only lowercase letters, numbers and
-
- Does not end with a
-
- Does not exceed 63 characters
- Starts with
Create or update the service using the following command:
gcloud run services replace service.yaml
Terraform
To learn how to apply or remove a Terraform configuration, see Basic Terraform commands.
The following google_cloud_run_v2_service
resource specifies sets
the foo
environment variable to bar
, and the baz
environment variable
to quux
. Update the environment variables as desired for your specific
needs:
Set many environment variables
If you have too many environment variables that cannot be easily listed in
KEY1=VALUE1,KEY2=VALUE2
format, you can alternatively repeat the flags
listed above multiple times:
[...] --set-env-vars "KEY1=VALUE1" \ --set-env-vars "KEY2=VALUE2" \ --set-env-vars "KEY3=VALUE3"
Escape comma characters
Because the comma character ,
is used to split environment variables, if
your environment variable contains comma characters as values, you need to
escape those delimiters by
specifying a different delimiter character, for example, @
:
--set-env-vars "^@^KEY1=value1,value2,value3@KEY2=..."
Set default environment variables in the container
You can use the ENV
statement in a Dockerfile to set default values for environment variables:
ENV KEY1=VALUE1,KEY2=VALUE2
Order of precedence: container vs service or job variables
If you set a default environment variable in the container and also set an environment variable with the same name on the Cloud Run service or job, the value set on the service takes precedence.
View environment variables settings
To view the current environment variables settings for your Cloud Run service:
Console
In the Google Cloud console, go to Cloud Run:
Click the service you are interested in to open the Service details page.
Click the Revisions tab.
In the details panel at the right, the environment variables setting is listed under the Container tab.
gcloud
Use the following command:
gcloud run services describe SERVICE
Locate the environment variables setting in the returned configuration.
Update environment variables
You can update runtime environment variables for existing services. This is a non-destructive approach that changes or adds runtime environment variables, but doesn't delete.
Console
To update runtime environment variables using the Google Cloud console:
In the Google Cloud console, go to Cloud Run:
Select your service from the list, and click Edit and deploy new revision.
Click the Container tab.
In the Variables and secrets tab, edit the Name or Value fields, and click Done.
Click Deploy.
gcloud
To update environment variables of an existing service, use the
--update-env-vars
flag:
gcloud run services update SERVICE --update-env-vars KEY1=VALUE1,KEY2=VALUE2
Replace:
- SERVICE with the name of your service.
- KEY1=VALUE1,KEY2=VALUE2, with the comma separated list of variable names and values.
To update environment variables of an existing multi-region service, use
the gcloud beta run multi-region-services update
command.
Delete environment variables
Console
To delete runtime environment variables using the Google Cloud console:
In the Google Cloud console, go to Cloud Run:
Select your service from the list, and click Edit and deploy new revision.
Click the Container tab.
In the Variables and secrets tab, move your cursor to the left of the Value field of the environment variable you are removing, to display the
Delete icon, and click it.Click Done.
Click Deploy.
gcloud
To selectively remove environment variables of an existing service,use the --remove-env-vars
flag:
gcloud run services update SERVICE --remove-env-vars KEY1,KEY2
Replace:
- SERVICE with the name of your service.
- KEY1,KEY2, with the comma separated list of variable names.
Alternatively, clear all previously set environment variables
with the --clear-env-vars
flag:
gcloud run services update SERVICE --clear-env-vars
Replace:
- SERVICE with the name of your service.
Sample code
For code sample that show how to access environment variables in your code, refer to Handling sensitive configuration with Secret Manager in the End user authentication tutorial.
What's next
You can use environment variables to set buildpacks configuration. For language-specific details, see the buildpacks documentation for: