Skip to main content

Secrets: Environment Variables and Build Args

Shipyard allows you to define secrets (plaintext or hidden) that are injected into your environments. This keeps your project secure so you won't need to worry about storing this data in any of your repositories.

Shipyard injects secrets at:

  1. build time (called build arguments) OR
  2. runtime (called environment variables)


You can add secrets individually:

Or use Batch Upload to set multiple secrets at once.

When batch uploading, copy the contents of your .env file and paste them into the modal.

If you're not using an .env file to store your variables, run something like the following command to output your environment variables to your terminal:

env | grep 'DEV'

This returns all env vars whose key matches DEV. Adjust your search term accordingly.


In addition to allowing users to set custom secrets, Shipyard injects the following secrets into projects by default:

  • SHIPYARD_DOMAIN: The active domain of the project. If the project is a remote deploy and has a custom domain, this is its value. Otherwise the active domain of the project is injected.
  • SHIPYARD_DOMAIN_<SERVICE_NAME>: The active domain of each service will also be injected into each container. If you have no services on a unique domain, these will all match SHIPYARD_DOMAIN.
  • SHIPYARD_EPHEMERAL: true if the project is ephemeral, false if it is a remote deploy.
  • SHIPYARD_COMMIT: The running project's latest commit hash.