Configuration Management Overview

Serverpod Cloud provides three commands for managing configuration values: password, secret, and variable. Each serves a different purpose.

Passwords (scloud password)

Use passwords for any secret or password that you want to access using Serverpod's getPassword() API.

Key characteristics:

  • ✅ Encrypted at rest
  • ✅ Automatically prefixed with SERVERPOD_PASSWORD_
  • ✅ Accessible via getPassword() function
  • ✅ Can view Serverpod Cloud-managed passwords

Example:

import 'package:serverpod/serverpod.dart';

// getPassword() is synchronous and returns String? (null if the key is not set).
final dbPassword = session.serverpod.getPassword('database');
// Accesses SERVERPOD_PASSWORD_database

Secrets (scloud secret)

Use secrets for sensitive data that must be kept confidential.

Key characteristics:

  • ✅ Encrypted at rest
  • ✅ Never logged or displayed after creation
  • ✅ Automatically injected as environment variables
  • ✅ Lists all secrets with full key names (including user-defined passwords)

Example:

import 'dart:io';

final apiKey = Platform.environment['API_KEY']; // from secret

Variables (scloud variable)

Use variables for non-sensitive configuration values.

Key characteristics:

  • ✅ Can be viewed, updated, and deleted
  • ✅ Automatically injected as environment variables
  • ⚠️ Not encrypted (values are visible in dashboard and CLI)

Example:

import 'dart:io';

final region = Platform.environment['REGION']; // from variable

Quick Decision Guide

Use password if:

  • The value is sensitive (API keys, tokens, private keys)
  • You need to use Serverpod's getPassword() function
  • You want automatic SERVERPOD_PASSWORD_ prefixing
  • You want to view Serverpod Cloud-managed passwords

Use secret if:

  • The value is sensitive (API keys, tokens, private keys)
  • You want to view all secrets with full key names

Use variable if:

  • The value is not sensitive (URLs, feature flags, settings)
  • You want to view or update values frequently
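
The following startup check is an added example, not code from Serverpod or Serverpod Cloud. It loads one value of each kind, refuses to start when any is missing, and keeps secret values out of log output. AppConfig and loadConfig are hypothetical names, the sample values are constructed, and reading the password straight from the environment under its SERVERPOD_PASSWORD_ name is an assumption based on the prefix described above (inside an endpoint, use getPassword() instead).

```dart
// Prefix the page says `scloud password` adds to every password key.
const passwordPrefix = 'SERVERPOD_PASSWORD_';

/// Hypothetical settings holder for this example (not a Serverpod type).
class AppConfig {
  AppConfig(this.region, this.apiKey, this.dbPassword);
  final String region; // variable: not sensitive
  final String apiKey; // secret
  final String dbPassword; // password
  /// Log-safe view: only the non-sensitive variable is printed in clear.
  @override
  String toString() =>
      'AppConfig(region: $region, apiKey: <redacted>, dbPassword: <redacted>)';
}

/// Reads all three kinds from [env] and fails closed when any is missing or
/// blank. The error names the missing keys but never includes a value.
AppConfig loadConfig(Map<String, String> env) {
  final missing = <String>[];
  String readRequired(String key) {
    final value = env[key];
    if (value == null || value.trim().isEmpty) {
      missing.add(key);
      return '';
    }
    return value;
  }
  final region = readRequired('REGION');
  final apiKey = readRequired('API_KEY');
  final dbPassword = readRequired('${passwordPrefix}database');
  if (missing.isNotEmpty) {
    throw StateError('Missing configuration: ${missing.join(", ")}');
  }
  return AppConfig(region, apiKey, dbPassword);
}

void main() {
  // Constructed sample values; a deployed server passes Platform.environment.
  final sample = {
    'REGION': 'constructed-region',
    'API_KEY': 'constructed-api-key',
    '${passwordPrefix}database': 'constructed-db-password',
  };
  print(loadConfig(sample)); // secrets appear as <redacted>
  try {
    loadConfig({'REGION': 'constructed-region'});
  } on StateError catch (e) {
    print(e.message); // lists the missing key names, no values
  }
}
```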