# Environment Variables Environment variables are key-value pairs that configure your application at runtime. They're used for database connections, API keys, feature flags, and other settings that change between environments. ## How environment variables work in Hydron Environment variables in Hydron are: - **Encrypted at rest** — Sensitive values are encrypted with AES-256 - **Injected at runtime** — Passed to Docker containers when they start - **Per-service** — Each service has its own set of variables - **Never logged** — Sensitive values are redacted from deployment logs ## Setting environment variables ### During code analysis When Hydron analyzes your repository, it detects environment variables referenced in your code. Common patterns it recognizes: - `process.env.DATABASE_URL` (Node.js) - `os.environ.get('SECRET_KEY')` (Python) - `ENV['REDIS_URL']` (Ruby) - `.env` file references Detected variables appear in the service configuration with empty values for you to fill in. ### Through the chat Tell the AI to set environment variables: ``` "Set the DATABASE_URL for api-server to postgres://user:pass@host:5432/mydb" "Add a STRIPE_SECRET_KEY variable to the payment service" "Set NODE_ENV to production for all services" ``` ### Through the sidebar 1. Open the **Services** tab in the right sidebar 2. Click on a service 3. Find the **Environment Variables** section 4. Add, edit, or remove variables  ## Common environment variables Here are commonly used environment variables by category: ### Application | Variable | Description | Example | |----------|-------------|---------| | `NODE_ENV` | Runtime environment | `production` | | `PORT` | Server listen port | `3000` | | `HOST` | Server bind address | `0.0.0.0` | | `LOG_LEVEL` | Logging verbosity | `info` | ### Database | Variable | Description | Example | |----------|-------------|---------| | `DATABASE_URL` | Full connection string | `postgres://user:pass@host:5432/db` | | `DB_HOST` | Database hostname | `postgres.internal` | | `DB_PORT` | Database port | `5432` | | `DB_NAME` | Database name | `myapp` | | `DB_USER` | Database username | `app_user` | | `DB_PASSWORD` | Database password | `(secret)` | ### Cache & Queue | Variable | Description | Example | |----------|-------------|---------| | `REDIS_URL` | Redis connection string | `redis://redis:6379` | | `CACHE_TTL` | Cache time-to-live | `3600` | ### Authentication | Variable | Description | Example | |----------|-------------|---------| | `JWT_SECRET` | Token signing secret | `(secret)` | | `SESSION_SECRET` | Session encryption key | `(secret)` | | `OAUTH_CLIENT_ID` | OAuth client identifier | `abc123` | | `OAUTH_CLIENT_SECRET` | OAuth client secret | `(secret)` | ### External services | Variable | Description | Example | |----------|-------------|---------| | `STRIPE_SECRET_KEY` | Payment processing | `sk_live_...` | | `SMTP_HOST` | Email server | `smtp.gmail.com` | | `S3_BUCKET` | Storage bucket name | `my-app-uploads` | | `API_KEY` | Third-party API key | `(secret)` | ## Cross-service references When services within the same project need to communicate, Hydron can automatically configure cross-service environment variables. For example, if your `api-server` depends on a `postgres` service, Hydron sets: ~~~ api-server: DATABASE_URL = postgres://user:pass@postgres:5432/mydb ^^^^^^^^ Internal service name ~~~ Services within the same deployment can reach each other by their service name as the hostname. ## Best practices - **Never hardcode secrets** — Always use environment variables for API keys, passwords, and tokens - **Use descriptive names** — `DATABASE_URL` is better than `DB` - **Group related variables** — Use prefixes like `SMTP_`, `AWS_`, `STRIPE_` for organization - **Keep defaults sensible** — Set non-sensitive defaults where appropriate (ports, log levels) - **Document required variables** — Add descriptions to help team members understand what each variable does ## Updating variables after deployment To update environment variables after your app is deployed: 1. Change the values through the chat or sidebar 2. Ask the AI to redeploy the affected service 3. The container restarts with the new values Changes to environment variables require a container restart to take effect.