Issue Injecting OAuth Secrets (client_id/client_secret) into IRIS Productions in Docker

Hello Community,

I’m working on an InterSystems IRIS production that needs to call an external API using OAuth client credentials (client_id and client_secret). For security reasons, I must pass these credentials via environment variables in my Docker container.

In the IRIS terminal, I can successfully retrieve these environment variables using $System.Util.GetEnviron("api-clientid") and $System.Util.GetEnviron("api-clientsecret"). However, inside my Business Operation class (OnMessage method), these environment variables return empty strings.

I verified that the variables are properly set in the Docker container environment, and the IRIS instance has access to them in the terminal session.

I suspect that the production or namespace context might not have access to the environment variables, or that the way IRIS runs productions might isolate the environment variables.

I have also read about potentially injecting variables into the namespace environment via system configurations, but I’m unsure how to do this effectively or if it will solve the problem.

Questions:

• How can I reliably access environment variables from within an IRIS production running inside Docker or Kubernetes?
• Is there a recommended best practice for injecting secrets such as client_id and client_secret into the IRIS environment used by productions?
• Any examples or configurations that have worked for others to pass sensitive environment variables into Business Operations or Services?

Thanks in advance for your help!