Environment Variables & Secrets
Environment variables let you configure your application for different environments without hardcoding values.
Adding Variables
- Navigate to your project's Settings → Environment Variables.
- Click Add Variable.
- Enter the variable name and value.
- Choose whether it's available at build time, runtime, or both.
Build-Time vs Runtime
- Build-time variables are available during the build phase. Use these for values your framework inlines at build time (e.g.,
NEXT_PUBLIC_*in Next.js). - Runtime variables are available to your running application. Use these for API keys, database URLs, and other secrets.
Masking Secrets
Toggle the Mask option to hide the variable's value in logs and the dashboard. Masked values appear as •••••••• and cannot be viewed after save.
Best Practices
- Never commit secrets to version control.
- Use masked variables for API keys, tokens, and passwords.
- Prefix public client-side variables with
NEXT_PUBLIC_(Next.js). - Rotate credentials regularly using the dashboard.