Skip to main content

A guide for coding agents to configure environment and secrets

Configure environment variables, add Python dependencies, and manage secrets securely in your Autonomy applications.
Key Terms: See the definitions section of the main guide.
Keywords: environment variables, secrets, python dependencies, docker, configuration This guide shows how to set environment variables, provide secrets securely, and add Python dependencies using multi-stage Docker builds.

Environment Variables and Secrets

Configure environment variables directly in your autonomy.yaml: 
name: translator
pods:
  - name: main-pod
    public: true
    containers:
      - name: main
        image: main
        env:
          - MAX_FILE_SIZE: "52428800"  # 50MB in bytes
          - LOG_LEVEL: "INFO"
          - API_KEY: secrets.API_KEY  # Reference to secret
For sensitive values like API keys, use a separate secrets.yaml file: 
# secrets.yaml
API_KEY: your_api_key_here
DATABASE_PASSWORD: your_secure_password_here
If you need to generate a new secure random secret, use openssl rand -hex 32 Important: Always add secrets.yaml to your .gitignore: 
# Never commit secrets
secrets.yaml
Access environment variables and secrets in your Python code: 
import os

# Environment variables
MAX_FILE_SIZE = int(os.getenv("MAX_FILE_SIZE", "50000000"))
LOG_LEVEL = os.getenv("LOG_LEVEL", "INFO")

# Secrets
API_KEY = os.getenv("API_KEY")
if not API_KEY:
    raise ValueError("API_KEY environment variable is required")
Redeploy the zone after changing environment variables or secrets.

Multi-Stage Docker Builds for Python Dependencies

When your application requires additional Python packages beyond what the base autonomy-python image includes, use a multi-stage build approach. Create a requirements.txt file with your Python dependencies: 
PyPDF2
aiofiles
Update your images/main/Dockerfile to use multi-stage build: 
FROM ghcr.io/build-trust/autonomy-python-dev AS dev
COPY requirements.txt ./
RUN pip install -r requirements.txt

FROM ghcr.io/build-trust/autonomy-python
COPY --from=dev /app/venv venv
COPY . .
ENTRYPOINT ["python", "main.py"]
This pattern:
  1. Uses the autonomy-python-dev image (which includes pip), as base, to install dependencies
  2. Then copies the packages you installed to the production image
  3. Keeps the final image size optimized while having all packages you need
Your file structure should look like: 
├── autonomy.yaml
└── images
    └── main
        ├── Dockerfile
        ├── requirements.txt
        └── main.py
Deploy as usual: 
autonomy zone deploy
The deploy command will automatically handle the multi-stage build and package installation.