Getting started
Reference
Variables

Variables

Overview

Variables are environment variables and secrets injected into your application containers. They provide configuration, connection strings, API keys, and other settings needed by your application at runtime. Tapitalee supports both plaintext variables and encrypted secrets.

Purpose and Benefits

  • Centralized Configuration: Manage all application settings in one place
  • Secret Management: Encrypted storage for sensitive values via AWS Secrets Manager
  • Automatic Injection: Variables are automatically available in all containers
  • Separation of Concerns: Keep configuration separate from code

CLI Usage

Set Variable 

tapit  set variable <variable_name> <variable_value> [secret=yes]

Sets or updates an environment variable for your application.

Required Parameters

  • variable_name: The name of the environment variable (uppercase by convention)
  • variable_value: The value to set

Optional Parameters

  • secret=yes: Store the value as an encrypted secret in AWS Secrets Manager

Examples 

# Set a regular configuration variable
tapit set variable DATABASE_POOL 10

# Set a secret API key
tapit set variable STRIPE_SECRET_KEY sk_live_abc123 secret=yes

# Set a connection URL
tapit set variable REDIS_URL redis://localhost:6379

Show Variable 

tapit  show variable <variable_name>

Displays the value of a specific environment variable.

Examples 

tapit show variable DATABASE_URL
tapit show variable STRIPE_SECRET_KEY

List Variables 

tapit  list variables

Shows all environment variables configured for your application. Secret values are masked.

Delete Variable 

tapit  delete variable <variable_name>

Permanently removes an environment variable from your application.

Examples 

tapit delete variable OLD_API_KEY
tapit delete variable DEPRECATED_SETTING

Export Variables 

tapit [-a app_name] export variables [secret=yes|no]

Exports all variables in KEY=value format, suitable for piping to a file or importing into another app.

Optional Parameters

  • secret=yes|no: Filter to export only secrets (yes) or only non-secrets (no). If omitted, exports all variables.

Examples 

# Export all variables to a file
tapit export variables > .env

# Export only secrets
tapit export variables secret=yes > secrets.env

# Export only non-secret variables
tapit export variables secret=no > config.env

# Export from a specific app
tapit -a myapp-prod export variables > prod.env

Import Variables 

tapit  import variables [secret=yes] < file_with_KEY=value_entries

Bulk imports variables from a file containing KEY=value pairs (one per line).

Optional Parameters

  • secret=yes: Import all variables as encrypted secrets

Examples 

# Import regular variables from a .env file
tapit import variables < .env

# Import all as secrets
tapit import variables secret=yes < production.env

Clone Variables 

tapit [-a dest_app_name] clone variables <source_app_name> [exclude=KEY1,KEY2] [from_team=team_name]

Copies all variables (including secrets) from a source application to the current application. Useful for setting up new environments or preview apps.

Required Parameters

  • source_app_name: Name of the app to copy variables from

Optional Parameters

  • exclude: Comma-separated list of variable names to skip
  • from_team: Team name if the source app is in a different team

Examples 

# Clone all variables from another app
tapit -a myapp-staging clone variables myapp-prod

# Clone excluding certain keys
tapit -a myapp-dev clone variables myapp-prod exclude=STRIPE_KEY,SENDGRID_KEY

# Clone from a different team
tapit -a myapp clone variables other-app from_team=other-team

Variable Types

Regular Variables

  • Stored as plaintext in the database
  • Suitable for non-sensitive configuration values
  • Examples: PORT, LOG_LEVEL, DATABASE_POOL

Secrets

  • Encrypted using AWS Secrets Manager
  • Suitable for API keys, passwords, tokens
  • Examples: DATABASE_URL, API_SECRET_KEY, SMTP_PASSWORD

System Variables

Tapitalee automatically injects the following TAP_* variables into all app containers. These are read-only and cannot be overridden.

VariableDescription
TAP_APP_NAMEThe name of your application
TAP_APP_DOMAINThe primary domain/hostname of your application
TAP_APP_URLThe full URL of your application (including https://)
TAP_TEAM_NAMEThe name of the team that owns the application
TAP_DEPLOY_NUMBERThe sequential deployment number
TAP_DOCKER_TAGThe Docker image tag being deployed
TAP_PARENT_APPThe name of the parent app (present only for preview apps)

Add-On Variables

When you create add-ons (databases, storage, etc.), Tapitalee automatically injects connection variables:

  • RDS: DATABASE_URL (or custom name)
  • ElastiCache: REDIS_URL (or custom name)
  • S3: S3_BUCKET_<name> and related variables
  • EFS: EFS_MOUNT_POINT (or custom name)
  • DocumentDB: MONGO_URL (or custom name)

Add-on variables are managed automatically and cannot be manually deleted while the add-on exists.

Console SessionCommands