Handler
Configuration
Runtime configuration and environment variables for Handler
Settings file
services/handler/config/settings.py- Local overrides can be placed in
services/handler/.env.
Environment variables
| Variable | Required | Default | Purpose |
|---|---|---|---|
PROJECT_NAME | No | Nest Data Pipeline - Task Handler | Service display name |
COMPONENT_SLUG | No | handler | Component slug for secrets |
API_V1_STR | No | /api/v1 | API prefix |
DEBUG | No | false | Enables debug mode |
SENTRY_ENVIRONMENT | No | production | Sentry environment tag |
TASK_ESCALATION_SECONDS | No | 3600 | Retry escalation threshold |
ALLOWED_ORIGINS | No | ["*"] | CORS allowlist |
NEST_API_KEY | No | DEFAULT_SK | Reserved API key (not used for ingress) |
GCP_PROJECT_ID | No | resolved via metadata | GCP project id |
SPANNER_INSTANCE_ID | Yes | none | Spanner instance id |
SPANNER_DATABASE_ID | Yes | none | Spanner database id |
PIPELINE_MAX_RUNTIME_SECONDS | No | 1600 | Pipeline execution limit |
CLOUD_TASKS_LOCATION | No | us-central1 | Cloud Tasks region |
BUBBLE_INVOICES_QUEUE | No | nest-bubble-invoices | Queue for Bubble invoice forwarding |
BUBBLE_INVOICES_ENDPOINT | Yes | none | Bubble API endpoint for invoices |
CLOUD_TASKS_SERVICE_ACCOUNT | No | none | OIDC token service account |
PARTNERCREDS_SERVICE_BASE_URL | No | resolved via service discovery | PartnerCreds base URL |
Credentials
Handler uses Application Default Credentials (ADC) for:
- Cloud Spanner access
- Secret Manager access
- Cloud Tasks API (invoice forwarding)
For local development, set GOOGLE_APPLICATION_CREDENTIALS to a service
account JSON with Spanner + Secret Manager + Cloud Tasks permissions, or run
gcloud auth application-default login.
Behavior notes
- When
DEBUG=true, pipeline status updates are disabled to avoid polluting production metadata. PARTNERCREDS_SERVICE_BASE_URLis resolved automatically if not provided, using Cloud Run service discovery.PIPELINE_MAX_RUNTIME_SECONDSenforces an async timeout at the request layer.
Secrets (Secret Manager)
| Secret | Required | Purpose |
|---|---|---|
HANDLER_SENTRY_DSN | No | Error and trace reporting |
BUBBLE_API_TOKEN | Yes | Authorization for Bubble invoice forwarding |
{ORG}_PARTNER_ID | Yes (ezyVet) | Partner id per org |
{ORG}_CLIENT_ID | Yes (ezyVet) | Client id per org |
{ORG}_CLIENT_SECRET | Yes (ezyVet) | Client secret per org |
{ORG}_SCOPE | Yes (ezyVet) | OAuth scope per org |
EZYVET_PROXY_HOST | No | Proxy host for ezyVet |
EZYVET_PROXY_USER | No | Proxy username for ezyVet |
EZYVET_PROXY_PASSWORD | No | Proxy password for ezyVet |
Last updated on