Environment variables for services

You can set arbitrary environment variables for a Cloud Run service. Cloud Run injects these key-value pairs into the container and makes them accessible to your code. You can also use them to pass configuration information to buildpacks when you deploy a function from source code.

Environment variables are bound to a single service and are not visible to other services in your Google Cloud project. Each variable is stored in the deployed service and exists within the same lifecycle as the service to which it is bound.

Maximum number of environment variables

You can set a maximum of 1000 environment variables for a Cloud Run service.

Variable lifecycle

All environment variables are bound to a deployment of a service; you can set or change them only with a deployment. If a deployment fails for any reason, any changes to environment variables won't be applied. Environment variable changes require a successful deployment.

Best practices

The following section highlights some of the best practices for configuring environment variables.

Manage secrets

You can use environment variables for service configuration, but we don't recommended them as a way to store secrets such as database credentials or API keys. Sensitive values should be stored outside both your source code and outside environment variables. Some execution environments, or the use of some frameworks can result in the contents of environment variables being sent to logs. We also don't recommend storing sensitive credentials in YAML files, deployment scripts or under source control systems. Remember that environment variables are visible to anyone with project Viewer permissions or greater.

For storing secrets, we recommend that you use Secret Manager. To configure services to access secrets stored in Secret Manager, see Configure secrets.

There is no Cloud Run-specific integration with Cloud KMS.

Reserved environment variables

The environment variables defined in the container runtime contract are reserved and cannot be set. In particular, the PORT environment variable is injected inside your container by Cloud Run. You shouldn't set it yourself.

Reserved environment variables for functions

Cloud Run sets the following runtime environment variables automatically when deploying functions:

Key Description
FUNCTION_TARGET Reserved: The function to be executed.
FUNCTION_SIGNATURE_TYPE Reserved: The type of the function: http for HTTP functions, and event for event-driven functions.
K_SERVICE Reserved: The name of the function resource.
K_REVISION Reserved: The version identifier of the function.
PORT Reserved: The port over which the function is invoked.

Some additional environment variables are automatically set depending on the runtime your function uses. These are based on the runtime's operating system, for example, DEBIAN_FRONTEND, SHLVL, or PATH and the language runtime for example, NODE_ENV, VIRTUAL_ENV, or GOPATH.

Environment variables that are provided by the environment, other than the ones that are set automatically, might change in future runtime versions. As a best practice, we recommend that you don't depend on or modify any environment variables that you haven't set explicitly.

Modifying environment variables that are provided by the environment might lead to unpredictable outcomes. Attempts to modify such environment variables could be blocked or, worse, lead to unintended consequences such as functions that cannot start. As a best practice, consider prefixing any environment variables with a unique key to avoid conflicts.

Additionally, you can't use the following environment variables:

Key Description
Empty ('') Keys can't be an empty string.
= Keys can't contain the '=' character.
X_GOOGLE_ Keys can't contain the prefix X_GOOGLE_.

Variable size limits for functions

The total number of bytes used by runtime environment variable names and values for an individual function is limited to 32 KiB. There are no specific limits on individual keys or values within this overall capacity.

For build environment variables, you can define up to 100 variables, with the definition string foo=bar limited to 64 KiB.

Use portable environment variables in functions

It is possible that environment variables that work with your functions might not work with a different runtime environment, such as in a different language or with certain tools or libraries. It is also possible that they won't be accepted by a different platform.

You can avoid such issues by following the POSIX standard for environment variables. If you use the Google Cloud console to edit variables, Google Cloud console will warn you whenever you define a variable that might have portability issues, but won't prevent deployment. We recommend that environment variable keys consist solely of uppercase letters, digits, and <underscore> (_), as defined in the Portable Character Set, and that they don't begin with a digit.