For the complete documentation index, see llms.txt.

Documentation

Repository docs

This route renders the repository README and markdown under docs/ .

Source: docs/ENVIRONMENT_VARIABLES.md

Rendered document

docs/ENVIRONMENT_VARIABLES.md

Parsed server-side (markdown to HTML in the app). Same bytes you get from the checkout.

Environment Variables

Smart Deploy uses env vars at build time (CodeBuild) and runtime (ECS tasks). Static S3 deploys only use build-time vars during the build step.

Build-time vs runtime

PhaseUsed forECS deploysStatic S3
Build-timenpm ci, npm run build, Railpack installInjected into CodeBuild as .envSame
RuntimeApp process after container startsAWS Secrets Manager → ECS task envN/A (static files only)

Changing runtime vars in the UI updates Secrets Manager but the running task may need a redeploy to pick up new values.

Where to set them

  • Blueprint preview or Config → Environment tab
  • Format: KEY=value per line; lines starting with # are ignored

ECS runtime secrets

For container deploys, runtime env vars are stored in AWS Secrets Manager per deployment (secretsArn). Smart Deploy syncs your env string to the secret and mounts keys on the ECS task definition.

Do not put build-only secrets in runtime if the build step needs them — use build-time vars for CodeBuild.

Common variables

VariableWhen needed
PORTContainer must listen on the port ECS expects (often from scan/Railpack plan)
NODE_ENVproduction for Node server apps
DATABASE_URLRuntime connection string for server apps
RAILPACK_PACKAGESPin Mise packages at build: node@22
RAILPACK_SPA_OUTPUT_DIRMonorepo SPA dist path for static routing
RAILPACK_BUILD_CMD / RAILPACK_START_CMDOverride Railpack commands

See Railpack.

Railpack plan variables

Railpack may embed deploy.variables in the scan plan. User env vars in Smart Deploy merge with build context — conflicting keys: prefer explicit env tab values for overrides.

Build-time .env in CodeBuild

During build, Smart Deploy writes your env string to .env in the CodeBuild workspace before Railpack/Docker build runs. Useful for:

  • NEXT_PUBLIC_* vars needed at build
  • Private registry tokens for npm/pip
  • Build-args equivalents for static site builds

Static sites

Only build-time vars apply. There is no server process — anything the built HTML/JS needs at build time must be present during CodeBuild.

Security practices

  • Never commit production secrets to the repo; use Smart Deploy env vars or Secrets Manager
  • Rotate credentials if logs show leaked values
  • Separate staging and production deployments rather than reusing secrets across branches

Troubleshooting

SymptomCheck
App missing config at runtimeRuntime env tab; redeploy after changes
Build can't reach private npmBuild-time token vars
Wrong API URL in built SPANEXT_PUBLIC_* at build time, not runtime
Container exits immediatelyRequired runtime vars (DATABASE_URL, PORT)

Related