Docs

Environment Variables

Configuration and secrets for your workers.

Setting Variables

const api = new alien.Worker("api")
  .environment({
    LOG_LEVEL: "info",
    API_ENDPOINT: "https://api.example.com",
  })
  .build()

These are available as regular environment variables at runtime.

Secrets

Credentials like API keys and database passwords are stored in the cloud's vault service (SSM, Secret Manager, Key Vault) — never in logs or config files. They're configured per-deployment when onboarding customers, not in alien.ts.

Alien syncs per-deployment secret environment variables into an internal vault named secrets. That vault is reserved for Alien-managed deployment secrets. For customer-owned secrets that should never be visible to the management identity, declare and link your own Vault resource, then have the customer create secrets directly in their cloud vault service.

For secrets your app manages at runtime, use a Vault resource.

Per-Deployment Overrides

Different customers often need different values. Override per deployment:

alien deployments set-env --deployment acme-prod LOG_LEVEL=warn

Built-In Variables

Alien injects automatically:

VariableDescription
ALIEN_DEPLOYMENT_TYPEPlatform: aws, gcp, azure
ALIEN_{NAME}_BINDINGConnection parameters for each linked resource

The ALIEN_*_BINDING variables are how your code discovers resources. See Accessing Resources.

Events & Triggers

Trigger workers from queue messages, storage events, and cron schedules.

Wait Until

Extend a worker's lifetime to run background work after the response is sent.

On this page

Setting VariablesSecretsPer-Deployment OverridesBuilt-In Variables