Skip to content

Manage environments and variables

Settings → Environment manages reusable environment definitions and Terraform values at organization, project, or workspace scope. Secret-backed values are write only: ScrinCloud does not return them to the browser after save.

Typical time
10–20 minutes
You need
Environment-management permission for the selected scope
Outcome
A scoped environment with reviewed variables

Open Settings → Environment and choose:

  • Organization for the shared baseline;
  • Project for one selected project; or
  • Workspace for one workspace inside a selected project.

Choose the project before a workspace. Organization environments are always shared; workspace environments are always isolated. Project environments can use the available shared or isolated choice. Effective runner values resolve from organization to project to workspace, with the more specific matching key taking precedence.

Environment 1 of 6 · Screenshot placeholder

Select organization, project, or workspace scope

Show all three scope controls with synthetic project and workspace choices.

Future capture briefHide project, workspace, organization, provider-account, and state identifiers.

Use the Environments tab, search, page size, Previous, and Next to find a row. To create one:

  1. choose Create environment;
  2. enter Environment Name;
  3. review or edit the lowercase Environment Key;
  4. add an optional description;
  5. choose the permitted isolation and display color; and
  6. choose Create Environment.

The key must be unique inside the selected scope.

Environment 2 of 6 · Screenshot placeholder

Create an environment in the selected scope

Show the environment drawer with name, normalized key, description, isolation, and color.

Future capture briefUse a synthetic name and key. Do not show customer naming conventions or real project associations.

Select an environment and choose Edit Environment to update its supported fields. Choose Delete Environment only after reviewing the confirmation.

Deleting an environment can remove its environment record and associated variable configuration from ScrinCloud. If it contains sensitive variables, the backend requires protected verification before completing the deletion. It does not delete cloud resources or Terraform state.

Environment 3 of 6 · Screenshot placeholder

Edit or delete an environment

Show the environment detail actions and a synthetic delete confirmation.

Future capture briefDo not show secret values, cloud resource inventory, state content, or identifiers.

Open Variables, select the environment, and choose Add Variable.

  1. use Form or JSON mode;
  2. enter an uppercase Terraform-style key such as TF_VAR_REGION;
  3. leave Sensitive variable off;
  4. enter the non-secret value and optional description; and
  5. choose Add Variable.

The JSON editor accepts only key, sensitive, value or secret_value, and description. Duplicate keys and invalid JSON are rejected.

Environment 4 of 6 · Screenshot placeholder

Add a non-secret Terraform variable

Show Form and JSON tabs with a synthetic non-secret region value.

Future capture briefUse only harmless example values. Do not capture provider credentials, customer endpoints, or private configuration.

Step 5: Add or update a sensitive variable

Section titled “Step 5: Add or update a sensitive variable”

Turn on Sensitive variable for a credential-like or otherwise secret value. Enter the value once and save. The table shows Hidden after save, not the plaintext value.

Protected secret changes require:

  1. your current password;
  2. an active eligible second factor; and
  3. completion of the protected verification dialog.

When editing an existing sensitive value, leave the secret field blank to keep the current value. Secret-like keys must be marked sensitive.

Environment 5 of 6 · Screenshot placeholder

Protect a sensitive variable

Show the sensitive toggle, empty secret field, Hidden after save state, and empty verification dialog.

Future capture briefNever type or capture a password, secret value, one-time code, recovery code, reauthentication token, or Secrets Manager identifier.

Open the variable row menu:

  • Edit changes the supported metadata or value.
  • Delete removes the variable after confirmation.

Sensitive edits and deletions require protected verification. Use page size, Previous, and Next to review every backend page. Refresh after a concurrent change before retrying.

Environment 6 of 6 · Screenshot placeholder

Manage variable lifecycle and pages

Show variable row actions, sensitive status, and cursor-based Previous and Next controls.

Future capture briefKeep values hidden and use synthetic keys, timestamps, scopes, and environment names.

Reload the same scope and confirm the environment key, isolation, variable key, sensitive status, and page totals. For runner behavior, verify the effective variables for the intended project, workspace, and environment through an authorized workflow. Source or deployment wiring without live runtime evidence does not prove a runner received the value.

Select a project. Workspace scope also requires an existing selected workspace.

Environment and variable keys must be unique inside their selected scope. Edit the existing record or choose a different key.

Enable two-factor authentication on your own account, then complete the protected verification. Never work around it by saving a secret-like value as plain text.