New CLI Command: `circleci env subst`

CircleCI’s CLI now includes an env subst command, both in the local CLI and running inside all CircleCI jobs (coming to CircleCI server v4.2+).

If you currently have the CircleCI CLI installed, run the circleci update command.

Release: v0.1.25848
Docs: Introduction to environment variables - CircleCI

The new circleci env subst command is a wrapper around the popular envsubst CLI tool, used to substitute environment variables in a text string or file.

  circleci env [command]

Available Commands:
  subst       Substitute environment variables in a string

Global Flags:
      --verbose   enable verbose logging output

Use "circleci env [command] --help" for more information about a command.

Example Usage

Assuming you have a file named template.json:

  "key": "$value"

With the $value environment variable set, the template can be processed like so:

      - image: cimg/base:current
      value: example
      - checkout
      - run:
          command: circleci env subst < template.json > output.json

The expected contents of output.json will be:

  "key": "example"

Usage In Orbs

Envsubst is an especially helpful utility when developing orbs. It is common when creating orb commands to set environment variables to the values of CircleCI Config Parameters so that they may be used within a native bash script. This can, however, be difficult to deal with when the parameter values are expected to support string values or environment variable strings; such as $REGION or US_EAST.

Example Orb Command:

description: >
  An orb command
    default: '$REGION'
  - run:
      name: command script
        PARAM: <<parameters.param>>
      command: <<include(scripts/>>

In this example, the PARAM environment variable value in will be the literal string $REGION. While we could eval the variable, this can have unintended consequences if the value contains certain symbols such as =.

Inside the file, if we want to safely evaluate a string parameter that may contain an environment variable, we can process it with env subst at the beginning of our script.

PARAM=$(circleci env subst "$PARAM")

This will replace the environment variables within the parameter string if any exist.
If PARAM was equal to $REGION, it would now be US_EAST
If PARAM was equal to US_EAST, it would now be US_EAST

Kubernetes Example

A common use for the envsubst utility is for processing development config templates, such as Kubernetes values.yaml files.

Example values.yaml:

# Database settings
  type: postgres
  host: localhost
  port: 5432
  user: ${MY_USER}
  password: ${MY_PASSWORD}
  name: mydb

Load secrets injected into the CircleCI environment (example: contexts)

circleci env subst < values.yaml > config.yaml