How to Manage Environment Variables in Coolify (2026 Guide)
Step-by-step guide to managing environment variables in Coolify. Covers variable scopes, build vs runtime variables, preview deployments, shared environments, and team-scale configuration.
How to Manage Environment Variables in Coolify
Coolify has quickly become one of the most popular open-source, self-hosted alternatives to Heroku, Vercel, and Netlify. With its polished interface and comprehensive feature set, it's a strong choice for teams who want cloud-like deployment experiences on their own infrastructure. This guide covers everything from basic variable setup to scaling configuration management as your team and infrastructure grow.
What is Coolify?
Coolify is a self-hostable, all-in-one platform for managing servers, applications, and databases. It supports deploying from Git repositories, Docker images, and Docker Compose files, with automatic SSL certificates and built-in monitoring.
What sets Coolify apart is its modern, intuitive interface and active development. For teams moving away from managed platforms due to cost, data sovereignty, or customization needs, Coolify offers a compelling alternative.
Understanding Coolify's Environment Variables
Coolify provides a flexible environment variable system that supports both application-specific and shared configuration.
Variable Scopes in Coolify
Coolify organizes environment variables at several levels:
- Application variables - Specific to a single deployed application
- Service variables - Shared across services in a Docker Compose deployment
- Team/Project variables - Can be shared across multiple applications (via Coolify's shared environment feature)
Adding Environment Variables in Coolify
To configure environment variables for an application in Coolify:
- Navigate to your application in the Coolify dashboard
- Click on the Environment Variables section
- Add your variables one by one or paste multiple in KEY=VALUE format
- Save your changes
- Redeploy your application to apply the new configuration
# Example application configuration
DATABASE_URL=postgresql://user:password@db.local:5432/production
REDIS_URL=redis://redis.local:6379
SECRET_KEY_BASE=a-very-long-and-secure-secret-key
RAILS_ENV=production
Preview Deployments and Variables
Coolify supports preview deployments for pull requests. You can configure separate environment variables for preview deployments, allowing you to use test databases and sandbox API keys without affecting production.
# Production
STRIPE_API_KEY=sk_live_xxx
DATABASE_URL=postgresql://prod-db/app
# Preview deployments
STRIPE_API_KEY=sk_test_xxx
DATABASE_URL=postgresql://staging-db/app
Build vs. Runtime Variables
Coolify distinguishes between build-time and runtime environment variables:
- Build variables - Available during the Docker build process
- Runtime variables - Injected when the container starts
For sensitive values, prefer runtime variables so they don't get baked into your Docker image layers.
Common Challenges with Coolify Environment Management
As teams scale their Coolify deployments, several challenges emerge:
1. Variable Sprawl
With multiple applications, each having multiple environments (production, staging, development), the number of environment variables to manage grows quickly. Keeping track of what's configured where becomes overwhelming.
2. Secret Visibility
Anyone with access to a Coolify project can view all environment variables, including sensitive secrets. There's no way to hide API keys from developers who only need deployment access.
3. Cross-Application Consistency
When multiple applications share configuration (like a shared database or third-party API key), ensuring consistency across all applications requires manual verification.
4. Change Tracking
Coolify doesn't maintain a history of environment variable changes. When something breaks, determining what changed and when requires external documentation.
5. Onboarding New Team Members
Getting new developers set up with the correct local environment variables often involves asking colleagues for values or digging through documentation.
Best Practices for Coolify Environment Variables
Establish Naming Conventions
Use consistent, descriptive names that indicate the variable's purpose:
# Database connections
DB_PRIMARY_URL=postgresql://primary-host/db
DB_REPLICA_URL=postgresql://replica-host/db
# Third-party services - include the service name
STRIPE_SECRET_KEY=sk_xxx
SENDGRID_API_KEY=SG.xxx
AWS_ACCESS_KEY_ID=AKIA...
# Feature flags - use consistent prefixes
FEATURE_NEW_CHECKOUT=true
FEATURE_DARK_MODE=false
Group Related Variables
When viewing your environment variables, logical grouping helps maintainability:
# === Database Configuration ===
DATABASE_URL=postgresql://...
DATABASE_POOL_SIZE=10
DATABASE_TIMEOUT=5000
# === Redis Configuration ===
REDIS_URL=redis://...
REDIS_POOL_SIZE=5
# === External APIs ===
STRIPE_SECRET_KEY=sk_...
STRIPE_WEBHOOK_SECRET=whsec_...
Use Coolify's Shared Environments
For variables shared across multiple applications, use Coolify's shared environment feature rather than duplicating values:
- Create a shared environment in your Coolify project
- Add common variables (database URLs, shared API keys)
- Link applications to the shared environment
- Application-specific variables override shared ones when needed
Document Expected Variables
Maintain a reference for your team:
## Required Environment Variables
| Variable | Description | Required In |
|----------|-------------|-------------|
| DATABASE_URL | PostgreSQL connection | All environments |
| SECRET_KEY_BASE | Rails encryption key | All environments |
| STRIPE_SECRET_KEY | Stripe API key | Production, Staging |
## Optional Variables
| Variable | Default | Description |
|----------|---------|-------------|
| LOG_LEVEL | info | Logging verbosity |
| WORKER_COUNT | 2 | Background job workers |
Integrating EnvManager with Coolify
EnvManager (free tier available, Pro under €10/month) complements Coolify by providing enterprise-grade configuration management. Your infrastructure stays on your servers. EnvManager handles the configuration layer with encrypted storage — your secrets are encrypted at rest via Supabase Vault and pgsodium, and only revealed to authorized team members.
Centralized Source of Truth
Instead of managing variables separately in each Coolify application, use EnvManager as your central configuration store. Define variables once, then export to Coolify when needed.
Granular Access Control
EnvManager lets you control access at the variable level:
- Secrets: Only admins can view and modify sensitive values
- Configuration: Team members can view and use non-sensitive settings
- Read-only access: Contractors can see what's needed without modification rights
Complete Audit Trail
EnvManager logs every change:
2024-01-22 14:30:15 - jane@company.com updated STRIPE_SECRET_KEY in production
2024-01-22 11:45:00 - bob@company.com created new variable FEATURE_FLAG_V2 in staging
2024-01-21 16:20:33 - admin@company.com rotated DATABASE_PASSWORD in all environments
When your staging deploy breaks at 11 PM, the audit log shows exactly who changed what and when — no more guessing or Slack archaeology.
Secure Secret Sharing
When onboarding new team members or sharing configuration with contractors, EnvManager provides secure sharing without exposing secrets in chat or email.
Environment Comparison
Easily compare configuration across environments to catch missing variables or inconsistencies before they cause production issues.
Setting Up EnvManager for Coolify
Here's how to integrate EnvManager into your Coolify workflow:
1. Mirror Your Coolify Structure
Create a project in EnvManager for each Coolify project. Add environments that match your deployment targets (development, staging, production).
2. Import Current Configuration
Export your existing Coolify environment variables and import them into EnvManager. This establishes your baseline.
3. Manage Variables in EnvManager
Going forward, make all configuration changes in EnvManager. This becomes your single source of truth.
4. Configure Team Access
Set up roles in EnvManager:
- Developers: Can view non-secret variables, request access to secrets
- DevOps: Can manage variables and deployments
- Admins: Full access including team management and audit logs
5. Sync Changes to Coolify
When updating Coolify configuration:
- Make changes in EnvManager
- Export the environment configuration
- Update your Coolify application
- Redeploy
Coolify vs. Other Platforms
How does Coolify's environment variable management compare?
| Feature | Coolify | Dokploy | Vercel | Heroku |
|---|---|---|---|---|
| Basic variables | Yes | Yes | Yes | Yes |
| Shared variables | Yes | Limited | No | Config vars |
| Preview env support | Yes | Yes | Yes | Review apps |
| Variable encryption | Limited | Limited | Yes | Yes |
| Access control | Project-level | Project-level | Team-level | App-level |
| Audit logging | No | No | Limited | Add-on |
| Self-hosted | Yes | Yes | No | No |
The gap in access control and audit logging is where EnvManager adds the most value.
Security Best Practices for Self-Hosted Deployments
Running Coolify means you're responsible for security:
Secure Your Coolify Instance
- Enable two-factor authentication for all users
- Use a reverse proxy with proper SSL configuration
- Restrict dashboard access by IP or VPN
- Keep Coolify and dependencies updated
Protect Your Secrets
- Use EnvManager for encrypted secret storage
- Never commit secrets to Git repositories
- Rotate credentials on a regular schedule
- Monitor for leaked secrets with scanning tools
Network Security
- Use private networks for internal services
- Don't expose databases or caches publicly
- Implement proper firewall rules
- Use SSH tunnels for remote database access
Conclusion
Coolify provides an excellent self-hosted deployment platform with solid environment variable management. However, as your team and infrastructure grow, you'll benefit from dedicated configuration management tooling.
By combining Coolify's deployment capabilities with EnvManager's secure, team-friendly configuration management, you achieve the flexibility of self-hosting with the configuration management capabilities typically reserved for enterprise platforms.
Proper environment variable management isn't just about convenience - it's about security, collaboration, and operational reliability. When everyone on your team knows where configuration lives, who changed what, and how to access what they need, deployments become smoother and incidents become easier to resolve.
Ready to bring enterprise configuration management to your self-hosted stack? Start free with EnvManager — no credit card required.