Today there is no supported mechanism to securely configure environment variables (API keys, secrets) for applications deployed to Harper Fabric via the CLI.
loadEnv: .env works locally, but Fabric deployments lack:
- A UI or CLI mechanism to define environment variables
- A secure secret store for runtime configuration
- A way to inject environment variables at deploy time
Customer ask (ESS Request)
Originated from a customer; flagged as a Q2 2026 product roadmap item. From CORE-3024 discussion (bari):
Sub-asks identified:
- CLI arguments for env vars at deploy time (so customers using
harperdb deploy against a GitHub repo without secrets in source can supply them at deploy time).
- Better template for the deployment workflow.
- Studio UI for adding secrets (significantly larger; several weeks of focused dev).
- A "write your .env" prompt in Studio that ends up calling
set component with .env content.
- Allow users to upload a
.env file directly. (Note: through Fabric Connect, the secret transits Harper servers — recommend warning users / encouraging direct connect.)
- Audit/logging policy for secret storage (separate security discussion).
- Compose-level env vars (Q2 roadmap, separately tracked).
harper_ prefix directive for Harper-specific env vars to avoid customer conflicts.
Scope split
This umbrella issue tracks the engineering-side work in harper-pro / core:
- Deploy-time env-var injection mechanism (CLI + Operations API).
- Storage model for secrets at rest in Fabric (encrypted, audited).
harper_* directive parsing for Harper-internal env-vars.
Studio UI work belongs in HarperFast/studio. Cross-link when the UI ticket is filed.
Not Ready
Needs product/UX alignment on the secrets storage model (where do secrets live? how are they encrypted? what's the audit posture?) before engineering can scope concrete acceptance criteria. The discussion captured in the Jira ticket is a starting point.
Tracked in Jira: CORE-3024
🤖 Filed by Claude on behalf of Kris.
Today there is no supported mechanism to securely configure environment variables (API keys, secrets) for applications deployed to Harper Fabric via the CLI.
loadEnv: .envworks locally, but Fabric deployments lack:Customer ask (ESS Request)
Originated from a customer; flagged as a Q2 2026 product roadmap item. From CORE-3024 discussion (bari):
Sub-asks identified:
harperdb deployagainst a GitHub repo without secrets in source can supply them at deploy time).set componentwith .env content..envfile directly. (Note: through Fabric Connect, the secret transits Harper servers — recommend warning users / encouraging direct connect.)harper_prefix directive for Harper-specific env vars to avoid customer conflicts.Scope split
This umbrella issue tracks the engineering-side work in harper-pro / core:
harper_*directive parsing for Harper-internal env-vars.Studio UI work belongs in HarperFast/studio. Cross-link when the UI ticket is filed.
Not Ready
Needs product/UX alignment on the secrets storage model (where do secrets live? how are they encrypted? what's the audit posture?) before engineering can scope concrete acceptance criteria. The discussion captured in the Jira ticket is a starting point.
Tracked in Jira: CORE-3024
🤖 Filed by Claude on behalf of Kris.