Environment Variables
Environment variables are key-value pairs that configure your application at runtime. They're used for database connections, API keys, feature flags, and other settings that change between environments.
How environment variables work in Hydron
Environment variables in Hydron are:
- Encrypted at rest — Sensitive values are encrypted with AES-256
- Injected at runtime — Passed to Docker containers when they start
- Per-service — Each service has its own set of variables
- Never logged — Sensitive values are redacted from deployment logs
Setting environment variables
During code analysis
When Hydron analyzes your repository, it detects environment variables referenced in your code. Common patterns it recognizes:
process.env.DATABASE_URL(Node.js)os.environ.get('SECRET_KEY')(Python)ENV['REDIS_URL'](Ruby).envfile references
Detected variables appear in the service configuration with empty values for you to fill in.
Through the chat
Tell the AI to set environment variables:
"Set the DATABASE_URL for api-server to postgres://user:pass@host:5432/mydb"
"Add a STRIPE_SECRET_KEY variable to the payment service"
"Set NODE_ENV to production for all services"
Through the sidebar
- Open the Services tab in the right sidebar
- Click on a service
- Find the Environment Variables section
- Add, edit, or remove variables
Common environment variables
Here are commonly used environment variables by category:
Application
| Variable | Description | Example |
|---|---|---|
NODE_ENV | Runtime environment | production |
PORT | Server listen port | 3000 |
HOST | Server bind address | 0.0.0.0 |
LOG_LEVEL | Logging verbosity | info |
Database
| Variable | Description | Example |
|---|---|---|
DATABASE_URL | Full connection string | postgres://user:pass@host:5432/db |
DB_HOST | Database hostname | postgres.internal |
DB_PORT | Database port | 5432 |
DB_NAME | Database name | myapp |
DB_USER | Database username | app_user |
DB_PASSWORD | Database password | (secret) |
Cache & Queue
| Variable | Description | Example |
|---|---|---|
REDIS_URL | Redis connection string | redis://redis:6379 |
CACHE_TTL | Cache time-to-live | 3600 |
Authentication
| Variable | Description | Example |
|---|---|---|
JWT_SECRET | Token signing secret | (secret) |
SESSION_SECRET | Session encryption key | (secret) |
OAUTH_CLIENT_ID | OAuth client identifier | abc123 |
OAUTH_CLIENT_SECRET | OAuth client secret | (secret) |
External services
| Variable | Description | Example |
|---|---|---|
STRIPE_SECRET_KEY | Payment processing | sk_live_... |
SMTP_HOST | Email server | smtp.gmail.com |
S3_BUCKET | Storage bucket name | my-app-uploads |
API_KEY | Third-party API key | (secret) |
Cross-service references
When services within the same project need to communicate, Hydron can automatically configure cross-service environment variables.
For example, if your api-server depends on a postgres service, Hydron sets:
api-server:
DATABASE_URL = postgres://user:pass@postgres:5432/mydb
^^^^^^^^
Internal service name
Services within the same deployment can reach each other by their service name as the hostname.
Best practices
- Never hardcode secrets — Always use environment variables for API keys, passwords, and tokens
- Use descriptive names —
DATABASE_URLis better thanDB - Group related variables — Use prefixes like
SMTP_,AWS_,STRIPE_for organization - Keep defaults sensible — Set non-sensitive defaults where appropriate (ports, log levels)
- Document required variables — Add descriptions to help team members understand what each variable does
Updating variables after deployment
To update environment variables after your app is deployed:
- Change the values through the chat or sidebar
- Ask the AI to redeploy the affected service
- The container restarts with the new values
Changes to environment variables require a container restart to take effect.