Environment Variables and Secrets in AEMaaCS

Published
Environment variables allow AEM code and applications to adapt based on context, enabling different configurations for development, production, or staging environments. They can be updated or deleted as needed, no code changes or deployments required. By separating code from configuration, they enhance security and keep sensitive information out of version control.
Environment-specific variables can be created using Cloud Manager and utilized in OSGi configurations, pom.xml, etc. These environment variables can be categorized as either environment-specific values or environment secrets. Environment-specific values provide a way to store non-sensitive information, while Secrets are used to store sensitive information such as passwords and API keys.
To create Environment Variables in Cloud Manager, navigate to the Side Navigation bar, select Environments, and choose the desired environment. In the environment details, go to the Configuration tab and click Add to open the Environment Configuration dialog.
Custom OSGI Configuration
While creating the variables, you can specify the service to which the variables apply, such as Author, Publish, Preview, or All, and choose their type, either Variable or Secret. It's recommend to add multiple variables at once in the Environment Configuration dialog to update the environment in a single step. Otherwise, each save will trigger an environment update. Note that when editing secrets, you can only update their values; viewing them is not possible.

How to Use

Once environment variables are created, you can use them in several places.
  • OSGi Configs: Both regular environment variables and secrets can be used in OSGi configurations. To learn how to use environment variables in OSGi configs, refer to this link.
  • pom.xml: You can access environment variables and secrets in XML using ${env.VARIABLE_NAME}. For example, instead of hardcoding passwords, you can use environment variables.
  • Dispatcher: Only regular environment variables can be used with the dispatcher. Secrets cannot be used. However environment variables cannot be used in IfDefine directives.
These environment-specific values will be automatically pulled from Cloud Manager based on the environment you are in.
Important Note: In Cloud Manager, the limit is 200 environment variables per environment. To stay within this limit, consider using inline values in OSGi configs where possible.