Skip to main content

Secrets and environment variables

Sensitive information, such as credentials and API keys, should be separate from your code.

This way you can share your code without giving other users access to your personal data or linked accounts.

A common way to give your application access to this information without leaking it to others is to store it in environment variables. Experienced developers might be used to using a package like dot-env and then putting the .env folder in a gitignore file, but this won't work well on Replit since you share your code on the platform (vs through GitHub).

To use environmental variables on Replit, click the padlock icon in the left-hand navigation bar.

The environment variables panel

Here you can add environment variables as key-value pairs and read these values from your backend code. Users who clone your repl will have access to all of the code, but will have to set their own values for these environment variables.

Adding, Viewing and Editing Environment Variables

To configure certain software and services, you'll need to add environment variables with specific keys and unique values given to you by your service provider (e.g. Stripe).

You can add a new variable by filling in the key and value fields and pressing "Add new secret". You can view or edit any previously saved variable by clicking on the name (by default, the values which are usually sensitive are not shown).

Using Environment Variables in Your Code

The sidebar will prompt you with example code based on the language used in your repl. Here are some examples for Python and JavaScript, assuming you have set environment variables with DB_USERNAME -> admin and TOKEN -> 38zdJSDF48fKJSD4824fN respectively.


import os
# prints 'admin'


// prints '38zdJSDF48fKJSD4824fN'

Note that you cannot set environment variables for repls that have only a frontend, e.g. HTML repls. Also note that environment variables set through the UI are not available in the Replit shell (e.g. with echo $MY_VARIABLE).