Source: https://crabglamp.com/docs/app-vms/how-to/set-environment-variables
Last updated: 2026-06-12
Type: how-to

Environment variables are how you configure your container — database URLs, API keys, feature flags. CrabGlamp stores them per App and injects them into the container on each deploy.

## Set variables at creation

You can provide environment variables (including secrets) in the create dialog when the App is first created. Variables set at creation apply from the App's very first start — no separate deploy is needed. Post-creation changes to variables still trigger an automatic redeploy to pick up the new values.

## Add or change variables

1. Open the App's detail page and find the configuration section.
2. Add each variable as a key and value. Mark a variable as a **secret** if its value is sensitive (a token, a password).
3. Save. Saving replaces the App's full set of variables, so include every variable you want to keep.
4. Trigger a deploy (or roll forward) to apply the change — variables take effect on the next container start, not retroactively on the running one.

## How secrets are stored

Secret values are encrypted at rest with AES-256-GCM and are never returned in plaintext — reading the variables back shows secrets masked. Plain (non-secret) values are stored as-is so you can read them in the dashboard.

## Pull from a private registry

Registry credentials are account-level: you create them on the **Registry credentials** page in the sidebar, and then select one when creating or configuring an App. Any App on your account can reference any credential, and updating a credential once applies to every App that uses it on its next deploy.

To assign or change the credential on an existing App, use the **Configuration** card on the App's detail page. See [Deploy a private image](/docs/app-vms/how-to/deploy-a-private-image) for the full guide, including per-registry token requirements.