Environment variable secrets are injected as standard environment variables when your environment starts. The secret name becomes the variable name.
echo $APP_ENV

When to use environment variables

Use environment variables for non-sensitive configuration:
  • Application modes - APP_ENV=development, DEBUG=true
  • Feature flags - ENABLE_NEW_UI=true
  • Endpoints - API_BASE_URL=https://api.example.com
Security tradeoff: Environment variables can leak through process listings (ps auxe), logs, and crash dumps. File secrets are more secure - they’re not visible in process listings and won’t appear in logs. However, many tools (including MCP servers) expect credentials as environment variables. For API keys that can be rotated, this tradeoff is often acceptable. For passwords and private keys, prefer file secrets.
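The following is an added example, not part of the original documentation or the product's own code. It shows that a child process inherits every variable by default, how to start it with credential-like variables removed, and how to redact their values before logging. The name pattern, the helper names and the LINEAR_API_KEY value are assumptions made for illustration.

```python
import os
import re
import subprocess
import sys

# Name patterns that usually indicate a credential (a heuristic assumed by this example).
SENSITIVE = re.compile(r"(KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIAL)", re.I)

def sensitive_names(env):
    """Return the sorted variable names in env that look like credentials."""
    return sorted(n for n in env if SENSITIVE.search(n))

def scrubbed_env(env, allow=()):
    """Copy env without credential-like variables, except names listed in allow."""
    return {k: v for k, v in env.items()
            if k in allow or not SENSITIVE.search(k)}

def redact(text, env):
    """Replace the values of credential-like variables in text before logging it."""
    for name in sensitive_names(env):
        value = env[name]
        if len(value) >= 4:  # skip tiny values that would match everywhere
            text = text.replace(value, f"<{name} redacted>")
    return text

def child_sees(env, name):
    """Start a child process with env and report whether it can read name."""
    code = "import os, sys; sys.exit(0 if os.environ.get(sys.argv[1]) else 1)"
    result = subprocess.run([sys.executable, "-c", code, name], env=env)
    return result.returncode == 0

# Constructed sample: the host environment minus anything credential-like,
# plus made-up values using the variable names from this page.
SAMPLE = {**scrubbed_env(os.environ), "APP_ENV": "development",
          "DEBUG": "true", "LINEAR_API_KEY": "lin_api_CONSTRUCTED_0000"}

if __name__ == "__main__":
    print("credential-like:", sensitive_names(SAMPLE))
    print("inherited by default:", child_sees(SAMPLE, "LINEAR_API_KEY"))
    print("after scrub:", child_sees(scrubbed_env(SAMPLE), "LINEAR_API_KEY"))
    print(redact("request failed, key=lin_api_CONSTRUCTED_0000", SAMPLE))
```

Pass allow=("LINEAR_API_KEY",) to scrubbed_env only for the one tool that needs the key, so other child processes start without it.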

Create an environment variable secret

  1. Navigate to Project → Secrets or Settings → Secrets
  2. Click New Secret and select Environment Variable
  3. Configure:
    • Name: Variable name (e.g., LINEAR_API_KEY)
    • Value: The secret value (max 4KB)
[Screenshot: New secret dialog with Environment Variable type selected, showing name and value fields]

Access the variable

Available immediately in your environment:
# In shell
echo $APP_ENV

# In Node.js
process.env.APP_ENV

# In Python
import os
os.environ['APP_ENV']

Update a secret

  1. Navigate to Project → Secrets or Settings → Secrets
  2. Click Edit, update the value, click Save
[Screenshot: Edit secret dialog showing the value field ready to be updated]
New environments get the updated value. Running environments need a restart to pick up changes.