Skip to main content
Environment variables are encrypted at rest and injected into your app’s container on every deploy. Set them from the CLI — no dashboard needed.

Set a variable

floo env set DATABASE_URL=postgres://user:pass@host:5432/db --app my-app

Set DATABASE_URL for my-app
Value: postgres://us...***
Keys are automatically uppercased. Values are encrypted with Fernet before storage.

List variables

floo env list --app my-app

Environment variables for my-app:
  DATABASE_URL    postgres://us...***
  REDIS_URL       redis://...***
  API_SECRET      sk-...***
Values are masked in output. The full values are only available inside the running container.

Remove a variable

floo env remove DATABASE_URL --app my-app

How it works

  1. You set a variable with floo env set
  2. The value is encrypted at rest in the floo database
  3. On deploy, all env vars are decrypted and injected into the Cloud Run container
  4. Your app reads them with process.env.KEY (Node), os.environ["KEY"] (Python), or os.Getenv("KEY") (Go)

Best practices

  • Don’t commit secrets. Use floo env set instead of .env files in your repo.
  • Use descriptive key names. DATABASE_URL, REDIS_URL, STRIPE_SECRET_KEY.
  • One variable per command. floo env set takes a single KEY=VALUE pair.

For agents

# Set a variable
floo env set DATABASE_URL=postgres://... --app my-app --json

# List all variables
floo env list --app my-app --json 2>/dev/null | jq '.data.env_vars'

# Remove a variable
floo env remove API_SECRET --app my-app --json
JSON output for env list: 
{
  "success": true,
  "data": {
    "env_vars": [
      { "key": "DATABASE_URL", "masked_value": "postgres://us...***" },
      { "key": "REDIS_URL", "masked_value": "redis://...***" }
    ]
  }
}