Re: How to make values in VCAP_SERVICES json private or secret or hidden

Stuart Charlton

Hi Nikhil,

Generally the way to prevent individuals from reading VCAP_SERVICES is to
give them a non-SpaceDeveloper role in that space, like SpaceAuditor. A
SpaceDeveloper is the only role that can read or set those values, and
generally you'd want them to be able to manage them.

So, say a developer pushed code to QA, they'd have SpaceDeveloper access to
a QA space, and could read/write VCAP_SERVICES.

Pushing to production you'd have a different person with SpaceDeveloper
access to a Prod space. Or, more commonly, you'd prod access to a secured
CI/CD tool like Jenkins or Concourse that governed SpaceDeveloper access to


On Wed, Jun 29, 2016 at 3:28 PM, Nikhil Katre <nikhil.katre(a)>


I have a service that is supported on Cloud Foundry through Java Buildpack.
I am trying to make the values of my service in VCAP_SERVICES json hidden
or private, so that its invisible using the command cf env.
Does anyone know how to achieve this in Cloud Foundry or PCF platform ?


Stuart Charlton

Pivotal Software | Platform Architecture

Mobile: 403-671-9778 | Email: scharlton(a)

Join { to automatically receive all group messages.