
Overview

Multi-Cloud Manager requires environment variables to authenticate with Azure, Google Cloud Platform (GCP), and Amazon Web Services (AWS). All variables should be defined in a .env file in the project root (the directory that contains docker-compose.yml). Every value in this file is a credential or a setting that controls where credentials are sent, so treat the file itself as a secret.

Environment File Setup

Create a .env file in the project root:
touch .env
The .env file is automatically loaded by the backend service through the docker-compose.yml configuration:
backend:
  env_file:
    - .env

Required Environment Variables

Azure Configuration

Required for Azure cloud operations and authentication:
| Variable | Description | Required | Example |
| --- | --- | --- | --- |
| AZURE_CLIENT_ID | Azure AD application (client) ID, a UUID | Yes | a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d |
| AZURE_CLIENT_SECRET | Azure AD application client secret | Yes | abc123~DEF456.ghi789_JKL012 |
| AZURE_TENANT_ID | Azure AD tenant (directory) ID, a UUID | Yes | f1e2d3c4-b5a6-4978-8a9b-0c1d2e3f4a5b |
| FRONTEND_URL | Frontend application URL | No | http://localhost:3000 (default) |
| APP_BASE_URL | Backend application base URL | No | http://localhost:5000 (default) |

The example values are placeholders in the correct format, not working credentials.
Used in:
  • azure_modules/utils.py:16-19
  • azure_modules/log_analytics.py:28-30
  • azure_modules/containermonitor.py:20-22
  • azure_modules/alerts.py:20-22
  • auth/azure_auth.py:11-15

Google Cloud Platform (GCP) Configuration

Required for GCP operations and OAuth authentication:
| Variable | Description | Required | Example |
| --- | --- | --- | --- |
| GOOGLE_CLIENT_ID | GCP OAuth 2.0 client ID | Yes | 123456789-abc123def456.apps.googleusercontent.com |
| GOOGLE_CLIENT_SECRET | GCP OAuth 2.0 client secret | Yes | GOCSPX-AbCdEfGhIjKlMnOpQrStUvWxYz |
| GOOGLE_REDIRECT_URI | OAuth redirect URI for GCP authentication | Yes | http://localhost:5000/auth/google/callback |
Used in:
  • gcp/utils.py:8-9
  • auth/gcp_auth.py:7-9

Amazon Web Services (AWS) Configuration

Required for AWS operations:
| Variable | Description | Required | Example |
| --- | --- | --- | --- |
| AWS_ACCESS_KEY_ID | AWS IAM access key ID | Yes | AKIAIOSFODNN7EXAMPLE |
| AWS_SECRET_ACCESS_KEY | AWS IAM secret access key | Yes | wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
| AWS_ACCOUNT_ID | AWS account ID (12 digits) | Yes | 123456789012 |

The AWS pair shown is the example key pair from the AWS documentation; it is not valid.
Used in:
  • aws/utils.py:5-6
  • auth/aws_auth.py:10-12

Example .env File

Here’s a complete example .env file with all required variables. Every value is a placeholder (the AWS pair is the documented AWS example key); replace each with your own and never commit the result.
# Azure Configuration
AZURE_CLIENT_ID=a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d
AZURE_CLIENT_SECRET=abc123~DEF456.ghi789_JKL012
AZURE_TENANT_ID=f1e2d3c4-b5a6-4978-8a9b-0c1d2e3f4a5b
FRONTEND_URL=http://localhost:3000
APP_BASE_URL=http://localhost:5000

# Google Cloud Platform Configuration
GOOGLE_CLIENT_ID=123456789-abc123def456.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-AbCdEfGhIjKlMnOpQrStUvWxYz
GOOGLE_REDIRECT_URI=http://localhost:5000/auth/google/callback

# Amazon Web Services Configuration
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_ACCOUNT_ID=123456789012

Setting Up Cloud Provider Credentials

Azure Setup

  1. Register an Application in Azure AD (now Microsoft Entra ID):
    • Go to Azure Portal > Azure Active Directory > App registrations
    • Click “New registration”
    • Note the Application (client) ID and Directory (tenant) ID; these become AZURE_CLIENT_ID and AZURE_TENANT_ID
  2. Create a Client Secret:
    • In your app registration, go to Certificates & secrets
    • Click “New client secret”
    • Copy the secret value immediately (it won’t be shown again)
    • Every client secret carries an expiry date (24 months at most); record it and plan the rotation before it lapses
  3. Configure API Permissions and Role Assignments:
    • Add required Azure management API permissions
    • Grant admin consent for your organization
    • In addition to API permissions, the app’s service principal needs an Azure RBAC role on the subscriptions, resource groups or Log Analytics workspaces it will read (Reader, Monitoring Reader or Log Analytics Reader are enough for read-only monitoring). Without a role assignment the token is issued but resource calls fail with 403.
  4. Set Redirect URIs:
    • Add http://localhost:5000/auth/azure/callback for development
    • Add your production callback URL for production; the registered URI must match the one the backend sends exactly, including scheme and path

Google Cloud Platform Setup

  1. Create a GCP Project:
    • Go to Google Cloud Console
    • Create a new project or select existing one
  2. Enable Required APIs:
    • Enable Cloud Resource Manager API
    • Enable Compute Engine API
    • Enable Cloud Run API
    • Enable Cloud Monitoring API
    • Enable Cloud Logging API
  3. Create OAuth 2.0 Credentials:
    • Go to APIs & Services > Credentials
    • Click “Create Credentials” > “OAuth 2.0 Client ID”
    • Configure OAuth consent screen
    • Note the Client ID and Client Secret
  4. Configure Authorized Redirect URIs:
    • Add http://localhost:5000/auth/google/callback for development
    • Add your production callback URL for production

AWS Setup

  1. Create an IAM User:
    • Go to AWS IAM Console
    • Click “Users” > “Add user”
    • Leave console access disabled; the application only needs the programmatic credentials created in step 3
  2. Attach Policies:
    • Attach required policies for EC2, S3, and other services
    • Consider using managed policies or create custom policies; prefer read-only policies (for example ReadOnlyAccess) unless the manager must change resources, and do not attach AdministratorAccess
  3. Generate Access Keys:
    • In the user’s Security credentials tab
    • Click “Create access key”
    • Download and securely store the credentials; the secret access key is shown only once
    • These are long-lived credentials. If the backend itself runs on AWS and its code can fall back to the default credential chain, an IAM role attached to the instance, task or pod avoids storing a key at all
  4. Note Your Account ID:
    • Find your AWS Account ID in the account dropdown, or run aws sts get-caller-identity with the new key, which confirms the key works and prints the account ID

Security Best Practices

Development Environment

  1. Never Commit .env Files:
    # Add to .gitignore
    .env
    .env.local
    .env.*.local
    
  2. Use Environment-Specific Files:
    • .env.development for development
    • .env.production for production
    • .env.test for testing
    • docker-compose.yml loads only the file named under env_file (.env above), so point env_file at the file you want, for example from a docker-compose.override.yml, rather than relying on the file name alone
  3. Limit Credential Permissions:
    • Use least privilege principle: read-only roles and policies unless the manager must change resources
    • Create separate credentials for development and production, so a leaked development secret cannot reach production resources

Production Environment

  1. Use Secret Management Services:
    • Azure Key Vault for Azure deployments
    • Google Secret Manager for GCP deployments
    • AWS Secrets Manager for AWS deployments
    • HashiCorp Vault for multi-cloud
  2. Use Docker Secrets:
    secrets:
      azure_client_secret:
        external: true
    
    services:
      backend:
        secrets:
          - azure_client_secret
    
    Docker mounts the secret as a file at /run/secrets/azure_client_secret inside the container; it is not exported as the AZURE_CLIENT_SECRET environment variable, so code that reads the variable must be adapted to read the file. external: true refers to a secret created beforehand with docker secret create, which requires Swarm mode; on a single host with Compose, use file: ./secrets/azure_client_secret.txt as the source instead. Either way the value stays out of docker inspect output and /proc/<pid>/environ, which is the point of not using an environment variable.
  3. Rotate Credentials Regularly:
    • Set up automatic rotation schedules
    • Monitor for unauthorized access
  4. Use Environment Variables in CI/CD:
    • Store secrets in GitHub Secrets, GitLab CI/CD variables, etc.
    • Never hardcode credentials in deployment scripts
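The loader below is an added example and not part of the Multi-Cloud Manager code base; it shows how the backend could accept the Docker secret mount from the compose snippet above while still working with a plain .env file in development. It assumes the convention that a secret named azure_client_secret is mounted at /run/secrets/azure_client_secret, and adds a hypothetical NAME_FILE override for custom paths. The project's own modules, which read the variables directly (see “Used in” above), would have to call this helper instead.

```python
"""Resolve a secret from a mounted file first and the environment second.

Added example, not project code. Resolution order for load_secret("AZURE_CLIENT_SECRET"):
  1. AZURE_CLIENT_SECRET_FILE, an explicit path (hypothetical convention)
  2. /run/secrets/azure_client_secret, the Docker/Compose secret mount
  3. AZURE_CLIENT_SECRET in the environment (the .env path used in development)
Missing everywhere is an error so a misconfigured container fails at start-up
instead of making unauthenticated cloud calls later.
"""
import os
import tempfile
from pathlib import Path

SECRETS_DIR = Path("/run/secrets")  # where Docker mounts secrets inside the container


def load_secret(name, secrets_dir=SECRETS_DIR, environ=None):
    environ = os.environ if environ is None else environ
    explicit = environ.get(f"{name}_FILE")
    if explicit:
        path = Path(explicit)
        if not path.is_file():
            raise RuntimeError(f"{name}_FILE points to {path}, which does not exist")
        return path.read_text().strip()  # strip the trailing newline editors add
    mounted = Path(secrets_dir) / name.lower()
    if mounted.is_file():
        return mounted.read_text().strip()
    value = environ.get(name)
    if value:
        return value
    raise RuntimeError(f"secret {name}: set {name}_FILE, mount {mounted}, or export {name}")


def demo():
    """Exercise the resolution paths with a temporary secrets directory and a
    constructed environment; no real credentials are involved."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        secrets_dir = Path(tmp)
        (secrets_dir / "azure_client_secret").write_text("s3cret-from-file\n")
        # Docker-style file mount, nothing in the environment
        results["from_secret_file"] = load_secret("AZURE_CLIENT_SECRET", secrets_dir, environ={})
        # Plain environment variable, the development .env path
        results["from_env"] = load_secret(
            "AWS_SECRET_ACCESS_KEY", secrets_dir,
            environ={"AWS_SECRET_ACCESS_KEY": "s3cret-from-env"})
        # Both present: the file wins, so a leftover .env cannot override production
        results["file_wins"] = load_secret(
            "AZURE_CLIENT_SECRET", secrets_dir,
            environ={"AZURE_CLIENT_SECRET": "s3cret-from-env"})
        # Neither present: fail fast
        try:
            load_secret("GOOGLE_CLIENT_SECRET", secrets_dir, environ={})
            results["missing_raises"] = False
        except RuntimeError:
            results["missing_raises"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Giving the file precedence over the environment matters in practice: a developer's .env copied into a production image would otherwise silently win over the managed secret.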

Validation

After setting up environment variables, verify they’re loaded correctly:

Check Environment Variables in Container

# Access backend container
docker-compose exec backend /bin/bash

# List which variables are set without printing their values
# (a plain env | grep would put the secrets into terminal scrollback and shell history)
env | grep -E '^(AZURE|GOOGLE|AWS)_' | cut -d= -f1

Test Authentication

Start the application and check logs:
docker-compose up
Look for authentication-related errors in the backend logs. Missing variables usually fail at start-up; invalid or under-privileged credentials fail later, as 401 or 403 responses from the provider’s token or API endpoints.

Troubleshooting

Environment Variables Not Loading

Problem: Backend cannot read environment variables. Solutions:
  1. Verify .env file exists in root directory
  2. Check docker-compose.yml has env_file: .env configuration
  3. Restart containers: docker-compose down && docker-compose up
  4. Verify no extra whitespace around variable values

Authentication Failures

Problem: Cloud provider authentication fails. Solutions:
  1. Verify credentials are correct and not expired
  2. Check API permissions are properly configured
  3. Ensure redirect URIs match exactly
  4. Verify client secrets haven’t expired (Azure client secrets always carry an expiry date, 24 months at most)

Invalid Format Errors

Problem: Application rejects environment variable format. Solutions:
  1. Remove quotes around values (unless needed for special characters)
  2. Ensure no trailing whitespace
  3. Use proper UUID format for Azure IDs
  4. Verify URLs include protocol (http:// or https://)
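The checker below is an added example, not code from the Multi-Cloud Manager project. It parses a .env file with a minimal KEY=VALUE reader, verifies that every required variable from the tables above is present, and applies the format rules from the Validation and Troubleshooting sections: no surrounding quotes, no leading or trailing whitespace, UUID-formatted Azure IDs, URLs with an http:// or https:// scheme, a 12-digit AWS account ID, an AKIA/ASIA-prefixed AWS access key ID and a .apps.googleusercontent.com client ID. Secret values are masked in its output. The two embedded .env samples are constructed placeholders, not real credentials.

```python
"""Offline .env checker for the variables this page lists. Added example, not project code."""
import re
from urllib.parse import urlparse

REQUIRED = (
    "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET", "AZURE_TENANT_ID",
    "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GOOGLE_REDIRECT_URI",
    "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_ACCOUNT_ID",
)
URL_VARS = ("GOOGLE_REDIRECT_URI", "FRONTEND_URL", "APP_BASE_URL")
SECRET_VARS = {"AZURE_CLIENT_SECRET", "GOOGLE_CLIENT_SECRET", "AWS_SECRET_ACCESS_KEY"}
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
AWS_KEY_ID_RE = re.compile(r"^(AKIA|ASIA)[A-Z0-9]{16}$")  # long-term / temporary key IDs


def parse_env(text):
    """Parse KEY=VALUE lines into a dict. The raw value (whitespace and quotes
    included) is kept so check_env can flag exactly what the troubleshooting
    section warns about. Blank lines and # comments are skipped."""
    env = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected KEY=VALUE, got {line!r}")
        key, _, value = line.partition("=")
        env[key.strip()] = value
    return env


def clean(value):
    return value.strip().strip("\"'")


def check_env(env):
    """Return a sorted list of (variable, problem); an empty list means the file passes."""
    problems = []
    for name in REQUIRED:
        if not clean(env.get(name, "")):
            problems.append((name, "missing or empty"))
    for name, raw in env.items():
        if raw != raw.strip():
            problems.append((name, "leading or trailing whitespace"))
        v = raw.strip()
        if len(v) >= 2 and v[0] == v[-1] and v[0] in "\"'":
            problems.append((name, "value is wrapped in quotes"))
    for name in ("AZURE_CLIENT_ID", "AZURE_TENANT_ID"):
        if clean(env.get(name, "")) and not UUID_RE.match(clean(env[name])):
            problems.append((name, "not a UUID"))
    for name in URL_VARS:
        if clean(env.get(name, "")):
            u = urlparse(clean(env[name]))
            if u.scheme not in ("http", "https") or not u.netloc:
                problems.append((name, "URL must include http:// or https://"))
    acct = clean(env.get("AWS_ACCOUNT_ID", ""))
    if acct and not re.fullmatch(r"\d{12}", acct):
        problems.append(("AWS_ACCOUNT_ID", "must be exactly 12 digits"))
    key_id = clean(env.get("AWS_ACCESS_KEY_ID", ""))
    if key_id and not AWS_KEY_ID_RE.match(key_id):
        problems.append(("AWS_ACCESS_KEY_ID", "not an AKIA.../ASIA... access key ID"))
    gid = clean(env.get("GOOGLE_CLIENT_ID", ""))
    if gid and not gid.endswith(".apps.googleusercontent.com"):
        problems.append(("GOOGLE_CLIENT_ID", "expected a ...apps.googleusercontent.com client ID"))
    return sorted(problems)


def masked(env):
    """Values that are safe to print: secrets fully masked, everything else cleaned."""
    return {k: ("********" if k in SECRET_VARS else clean(v)) for k, v in env.items()}


# Constructed sample that passes every check (placeholders; the AWS pair is AWS's documented example).
GOOD_ENV = """\
AZURE_CLIENT_ID=a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d
AZURE_CLIENT_SECRET=abc123~DEF456.ghi789_JKL012
AZURE_TENANT_ID=f1e2d3c4-b5a6-4978-8a9b-0c1d2e3f4a5b
FRONTEND_URL=http://localhost:3000
APP_BASE_URL=http://localhost:5000
GOOGLE_CLIENT_ID=123456789-abc123def456.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-AbCdEfGhIjKlMnOpQrStUvWxYz
GOOGLE_REDIRECT_URI=http://localhost:5000/auth/google/callback
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_ACCOUNT_ID=123456789012
"""

# Constructed sample with one instance of each mistake from the troubleshooting section.
BAD_ENV = """\
AZURE_CLIENT_ID=a1b2c3d4-e5f6-7g8h-9i0j-k1l2m3n4o5p6
AZURE_CLIENT_SECRET="abc123~DEF456.ghi789_JKL012"
AZURE_TENANT_ID=f1e2d3c4-b5a6-4978-8a9b-0c1d2e3f4a5b\t
GOOGLE_CLIENT_ID=123456789-abc123def456.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-AbCdEfGhIjKlMnOpQrStUvWxYz
GOOGLE_REDIRECT_URI=localhost:5000/auth/google/callback
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

if __name__ == "__main__":
    for name, problem in check_env(parse_env(BAD_ENV)):
        print(f"{name}: {problem}")
    print(masked(parse_env(GOOD_ENV)))
```

Run it against the real file with check_env(parse_env(open(".env").read())) before docker-compose up; the empty list is the pass condition, and masked() is what to paste into a bug report instead of the raw env output.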
