Placeholders in Deployment Sets


Humanitec uses Placeholders to insert values that will only be known at deployment time into Application Configuration. Placeholders use a syntax that is similar to Template literals in JavaScript or variable substitution in shell scripting languages such as Bash and PowerShell.


The syntax is as follows:
Where path is made up of . separated tokens or JSON strings enclosed in []. The following all evaluate to the same placeholder:
A literal ${ can be inserted by escaping the { with a backslash.
This will evaluate to ${path}.
Multiple placeholders can be used in a string, for example when specifying a connection string to a database:
The lables, variables and files properties of workloads in Deployment Sets support Placeholders. Placeholders are a way of injecting values into strings that are only known at deployment time. They are the mechanism that allows Deployment Sets to be environment agnostic.

Placeholders and Secrets

If a placeholder refers to a secret value (e.g. a database password) then the string it is a part of will also be treated as a secret by Humanitec.
There are some placeholders that cannot be used as secrets. In these cases, if they are included in a string that contains other placeholder that are secret, an error will be thrown. These placeholders are documented.


Placeholders can only be used in certain fields in Humanitec. These fields are:
variables, files
A Resource Output for a specific shared resource.
labels, variables, files
A Resource Output for a specific private resource in a workload.
labels, variables, files
The in-cluster name of the service exposing a workload.
labels, variables, files
A Shared Application Value or Secret.
labels, variables, files, driver_inputs
The ID of the current Application.
labels, variables, files, driver_inputs
The ID of the current Environment.
The fully qualified ID of the current Resource.
Metadata and Status information about the current Pod retrieved via the Kubernetes Downward API. This placeholder cannot be combined with other values that are secrets.
Metadata about a particular container in a Pod retrieved via the Kubernetes Downward API. This placeholder cannot be combined with other values that are secrets.
A Resource Reference placeholder. Resolves to the output of another resource defined by type#id. (#id is optional)
In the UI, inputs for labels, variables, and files support placeholder autocompletion. Type ${ in the input area to see a complete list of available placeholders.


Referencing a resource in a workload

A database connection string to a PostgreSQL Database added as a Private Resource Dependency with ID users-db to a workload.
Referencing the DNS name of a shared DNS resource with ID api

Referencing Shared Values or Secrets

Referencing the Stripe API Key stored as a secret in Shared App Values under the ID STRIPE_API_KEY:

Referencing other workloads

Constructing an in-cluster URL to make requests to another workload with ID other-workload:

Using context in Resource Definitions

Defining a template for a DNS subdomain for an environment:

Downward API

Referencing the name of the current Pod:
NOTE: This value will be different on every replica.
Referencing the current namespace:
Referencing the IP of the node the Pod is running on:
NOTE: This may vary between replicas of the same Pod.
Referencing the CPU limit for a container with ID main in the current Pod: