3. Deployment Environment
The Deployment Environment section defines the cloud or platform environment where your workflow will run.
It allows you to connect to specific accounts or environments via Connectors, set environment variables, and link outputs or secrets dynamically across workflows.
This configuration ensures your workflow has the proper credentials and runtime settings to execute tasks on your target infrastructure (e.g., AWS, Azure, GCP, Kubernetes).
3.1 Overview​
This section appears under Settings → Deployment Environment and consists of two main parts:
-
Connector Selection
-
Environment Variables Configuration
3.2 Select Connector​
The Connector represents the cloud or infrastructure integration your workflow uses for deployment.
| Field | Description |
|---|---|
| Select Connector | Choose the cloud or infrastructure connector from your organization’s integrations (e.g., AWS, Azure, GCP, VMware, or custom integration) or a connector |
| Select Child Connector | (Optional) Choose a specific account, sub-connector, or environment under the parent connector — such as a specific AWS account or subscription. |
When a connector is selected, it’s displayed as:
integrationgroups/<connector-id>
and the connection status is shown (e.g., âś… Connected or đź”´ Disconnected).
⚙️ The selected connector determines the permissions and APIs accessible to your workflow during execution.
Example: Selecting an AWS connector allows Terraform or Ansible steps to provision or configure AWS resources.
3.3 Environment Variables​
Environment Variables expose custom configuration or runtime data to your workflow environment.
Each variable is defined by a Key and Value, which are passed to the underlying runtime container.
| Field | Description |
|---|---|
| Key | Name of the environment variable (e.g., AWS_REGION, DEPLOYMENT_ENV). |
| Value | Static or dynamic value assigned to the variable. |
| Reference Value | Link this variable to another workflow’s output or a stored secret. |
| Add Environment Variable + | Add multiple variables for flexible configuration. |
You can add, edit, or delete environment variables at any time.
đź’ˇ Example:
Key:APP_ENV→Value:productionKey:TF_LOG→Value:INFOKey:AWS_DEFAULT_REGION→Value:us-east-1
StackGuardian Environment Variables​
This list details the environment variables specific to StackGuardian, necessary for setting up and executing tasks.
| Variable Name | Description |
|---|---|
| SG_VCS_AUTH_CREDS | VCS authentication credentials. |
| SG_ORG_ID | Organization identifier in StackGuardian. |
| SG_WORKFLOW_GROUP_ID | Workflow group identifier within StackGuardian. |
| SG_WORKFLOW_ID | Identifier for the current StackGuardian workflow. |
| SG_WORKFLOW_RUN_ID | Current workflow run identifier. |
| SG_STACK_ID | Stack identifier within the workflow. |
| SG_WORKFLOW_STEP_TEMPLATE_ID | Workflow step template identifier. |
| SG_EXECUTOR_USER | Username executing the workflow. |
| SG_MOUNTED_IAC_SOURCE_CODE_DIR | Mounted IAC source code directory path. |
| SG_VCS_WORKING_DIRECTORY | VCS repository working directory. |
| SG_VCS_REPO_URL | VCS repository URL. |
| SG_VCS_REPO_NAME | Name of the VCS repository. |
| SG_VCS_REPO_REF | VCS repository reference (branch, tag, commit). |
| SG_MOUNTED_WORKSPACE_ROOT_DIR | Mounted workspace root directory path. |
| SG_MOUNTED_ARTIFACTS_DIR | Mounted artifacts directory path. |
| SG_BASE64_POLICIES | Base64-encoded policy objects associated with the workflow step. |
| SG_BASE64_WORKFLOW_STEP_INPUT_VARIABLES | Base64-encoded workflow step input variables. |
| SG_BASE64_IAC_INPUT_VARIABLES | Base64-encoded IaC input variables. |
Example of some variables values format:
| Variable Name | Value |
|---|---|
| SG_ORG_ID | /orgs/organization_name |
| SG_WORKFLOW_GROUP_ID | /wfgrps/workflow_group |
| SG_WORKFLOW_ID | /wfgrps/workflow_group/wfs/workflow_id |
| SG_WORKFLOW_RUN_ID | /wfgrps/workflow_group/wfs/workflow_id/wfruns/run_id |
| SG_WORKFLOW_STEP_TEMPLATE_ID | /organization_name/template_name:template_revision |
| SG_EXECUTOR_USER | user@example.com |
3.4 Referencing Values​
When setting environment variables, you can choose between manual values or references.
Selecting Reference Value opens the Create Reference dialog, allowing you to link this variable to data from other workflows or secure secrets.
Create Reference Dialog​
| Field | Description |
|---|---|
| Referencing Type | Choose between: - Workflow Output: Use outputs from previously executed workflows. - Secret: Fetch a stored vault secret (e.g., API key, password). |
| Workflow | Select the workflow whose output you want to reference. |
| Output Key | Choose a specific output key from that workflow. |
Once configured, the referenced value will dynamically resolve at runtime.
đź”’ This mechanism allows for secure and modular environment setup, without exposing sensitive data directly in your workflow configuration.
Example Use Case:
- A “Provision Infrastructure” workflow exposes an output
vpc_id. - A “Deploy Application” workflow references that
vpc_idoutput dynamically using Workflow Output. - Secrets such as access tokens or credentials can be securely injected via Secret references from your vault.
For more detailed instructions on creating references, refer to the Reference Variables documentation.
3.5 Referencing StackGuardian Environment Variables​
The StackGuardian Environment Variables can be utilized in your caller code during workflow execution. This functionality enables you to dynamically associate your executing code with the StackGuardian Environment based on the information supplied by the workflow. If necessary, you may reference any StackGuardian Environment Variables using a custom variable from the Deployment Environment.
For instance, if you wish to incorporate the StackGuardian Workflow ID in your caller code, you can access the SG_WORKFLOW_ID environment variable. This provides you with the Workflow ID from the StackGuardian runtime for your use.
Furthermore, if you intend to supply StackGuardian Environment Variables to define specific Terraform or OpenTofu variables, you can do so in the following manner:
3.6 Connector Health & Refresh​
When a connector becomes Disconnected, you’ll see a red status indicator.
To fix this:
- Click the refresh icon (↻) to reconnect the integration.
- If the issue persists, verify credentials in the organization’s Integrations → Connectors section.
Maintaining healthy connectors ensures smooth execution of workflows and prevents runtime authentication errors.