Environment Variables
TUMApply manages all environment variables and secrets for the test server and production via GitHub Repository Settings.
Where Are They Defined?
In GitHub Repository Settings → Environments → Test-server / Production.
There are two types:
| Type | Purpose |
|---|---|
| Environment Variables | Non-sensitive configuration values |
| Environment Secrets | Sensitive values: client secrets, API keys, database passwords |
How Are They Used?
During GitHub Actions workflow runs, all environment variables and secrets are injected dynamically into the deployment process. They override any default values from the Docker .env files (docker/mysql.env, docker/tumapply.env).
Security
Production and test secrets must only live in GitHub Secrets — never commit secrets to the repository.
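One way to enforce this rule in CI or a pre-commit hook, as an added example that is not TUMApply's own code: scan the Docker env files (docker/mysql.env, docker/tumapply.env) for secret-named keys that carry a real-looking value. The key-name patterns, the accepted placeholder values and the sample file content are assumptions.

```python
import re
import sys
from pathlib import Path

# Key-name fragments treated as sensitive (assumption, derived from the page's
# list of secret material: client secrets, API keys, database passwords).
SENSITIVE = re.compile(r"(PASSWORD|SECRET|API_?KEY|TOKEN)", re.IGNORECASE)
# Values accepted as harmless defaults in a committed file (assumed convention).
PLACEHOLDER = re.compile(r"^(|changeme|placeholder|<[^>]*>|\$\{[^}]*\})$", re.IGNORECASE)


def parse_env(text):
    """Yield (line_no, key, value) for each KEY=VALUE line of an env file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        # Tolerate one pair of matching quotes around the value.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        yield line_no, key.strip(), value


def find_committed_secrets(text):
    """Return [(line_no, key)] for sensitive keys holding a non-placeholder value."""
    return [(n, k) for n, k, v in parse_env(text)
            if SENSITIVE.search(k) and not PLACEHOLDER.match(v)]


# Constructed sample, not the project's real docker/tumapply.env.
SAMPLE_ENV = """\
# defaults, overridden at deploy time
SPRING_PROFILES_ACTIVE=prod
SPRING_DATASOURCE_URL=jdbc:mysql://mysql:3306/tumapply
USER_RETENTION_ENABLED=true
SPRING_DATASOURCE_PASSWORD=example-not-a-real-password
SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
"""

if __name__ == "__main__":
    # With no file arguments, scan the constructed sample instead.
    sources = {p: Path(p).read_text() for p in sys.argv[1:]} or {"<sample>": SAMPLE_ENV}
    hits = [(name, n, k) for name, text in sources.items()
            for n, k in find_committed_secrets(text)]
    for name, n, k in hits:
        print(f"{name}:{n}: {k} has a non-placeholder value")
    sys.exit(1 if hits else 0)
```

Run it with the env file paths as arguments; a non-zero exit status fails the job when a secret-named key holds anything other than an empty value or a placeholder.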
Examples
Here are some common variables and secrets to give an idea of what is configured:
Environment Variables (non-sensitive):
| Variable | Example Value | Purpose |
|---|---|---|
| SPRING_PROFILES_ACTIVE | prod | Active Spring profile |
| SPRING_DATASOURCE_URL | jdbc:mysql://mysql:3306/tumapply | Database connection URL |
| USER_RETENTION_ENABLED | true | Enable/disable automatic user data retention |
Environment Secrets (sensitive):
| Secret | Purpose |
|---|---|
| SPRING_DATASOURCE_PASSWORD | Database password |
| SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_OIDC_CLIENT_SECRET | Keycloak client secret |
Adding a New Variable
- Contact a repository admin to add the variable or secret in GitHub Repository Settings → Environments for the relevant environment(s)
- Ensure the variable is referenced in the deploy/build workflow if needed