Environment Variables¶
Night Routine Scheduler uses environment variables for sensitive data and deployment-specific configuration.
Required Variables¶
These environment variables must be set for the application to run:
GOOGLE_OAUTH_CLIENT_ID¶
Type: String
Required: Yes
Your Google OAuth 2.0 Client ID obtained from the Google Cloud Console.
Getting Credentials
See the Google Calendar Setup Guide for instructions on obtaining these credentials.
GOOGLE_OAUTH_CLIENT_SECRET¶
Type: String
Required: Yes
Your Google OAuth 2.0 Client Secret obtained from the Google Cloud Console.
Security Warning
Never commit this value to version control. Keep it secure and rotate it if compromised.
CONFIG_FILE¶
Type: String (file path)
Required: Yes
Path to your TOML configuration file.
In Docker:
Optional Variables¶
PORT¶
Type: Integer
Required: No
Default: Value from TOML configuration
Override the port specified in your TOML configuration.
Use Case
Useful in containerized environments where you want to specify the port at runtime without modifying the configuration file.
ENV¶
Type: String
Required: No
Default: development
Values: development | production
Controls logging format:
development- Pretty, human-readable console logs with colorsproduction- Structured JSON logs for log aggregation systems
Example development output:
2024-01-15T10:30:45Z INF Starting Night Routine Scheduler
2024-01-15T10:30:45Z INF Connecting to database file=data/state.db
Example production output:
{"level":"info","time":"2024-01-15T10:30:45Z","message":"Starting Night Routine Scheduler"}
{"level":"info","time":"2024-01-15T10:30:45Z","file":"data/state.db","message":"Connecting to database"}
Setting Environment Variables¶
Linux/macOS¶
Create a .env file:
GOOGLE_OAUTH_CLIENT_ID=your-client-id
GOOGLE_OAUTH_CLIENT_SECRET=your-client-secret
CONFIG_FILE=configs/routine.toml
ENV=production
Then source it:
Create /etc/systemd/system/night-routine.service:
[Unit]
Description=Night Routine Scheduler
After=network.target
[Service]
Type=simple
User=night-routine
WorkingDirectory=/opt/night-routine
Environment="GOOGLE_OAUTH_CLIENT_ID=your-client-id"
Environment="GOOGLE_OAUTH_CLIENT_SECRET=your-client-secret"
Environment="CONFIG_FILE=/opt/night-routine/configs/routine.toml"
Environment="ENV=production"
ExecStart=/opt/night-routine/night-routine
Restart=on-failure
[Install]
WantedBy=multi-user.target
Windows¶
- Open System Properties → Advanced → Environment Variables
- Add new user or system variables
- Restart your terminal/application
Docker¶
Security Best Practices¶
Never Commit Secrets¶
Add to .gitignore:
Use Secret Management¶
For production deployments, consider using:
- Docker Secrets - For Docker Swarm
- Kubernetes Secrets - For Kubernetes deployments
- HashiCorp Vault - For centralized secret management
- AWS Secrets Manager - For AWS deployments
- Azure Key Vault - For Azure deployments
Rotate Credentials Regularly¶
- Rotate OAuth secrets every 90 days
- Use different credentials for different environments
- Monitor for unauthorized access
Restrict Permissions¶
- Limit file permissions on
.envfiles: - Run the application with a non-root user
- Use principle of least privilege for OAuth scopes
Troubleshooting¶
Variable Not Set Errors¶
If you see errors about missing environment variables:
-
Verify the variable is exported:
-
Check for typos in variable names
-
Ensure variables are exported before running the application
OAuth Authentication Fails¶
- Verify credentials are correct in Google Cloud Console
- Check for extra whitespace in environment variables
- Ensure redirect URIs match your configuration
Configuration File Not Found¶
- Verify
CONFIG_FILEpath is absolute or relative to working directory - Check file exists and is readable
- Ensure proper file permissions