Skip to main content

Secrets and Environment Variables

You can store sensitive information such as API keys, credentials, and more in your Repl with Secrets. Get started by clicking on the Secrets icon in the Tools section.

secrets icon

How Replit keeps your Secrets safe

Only you and your invited collaborators can see Secret values in a Repl. Secrets data is encrypted with AES-256 at rest, and encryption keys are stored in a secure location that is protected by multiple layers of security. To help protect against key compromise, encryption keys are rotated regularly. Data in transit is encrypted using TLS. These measures safeguard your Secrets against breaches and vulnerabilities to ensure secure storage and protection.

Managing Secrets

You can easily and securely edit your Repl's secrets/environment variables with the Secrets tool. Alternatively, you can open the raw JSON editor if you want to quickly edit multiple secrets at the same time.

secrets tab

Accessing Secrets

In most Repls, you will be provided with instructions on how to access secrets in your code. Here are some examples of widely-used programming languages:

Python

import os
print(os.getenv("MY_SECRET"))

JavaScript

console.log(process.env.MY_SECRET);

Java

System.out.println(System.getenv("MY_SECRET"))

FAQs

Why can't I see the Secrets Pane?

HTML/CSS/JS Repls don't have Secrets since they are statically hosted.

Why aren't my secrets updating?

Restarting your Repl will reload its secrets, exposing them to your Repl's environment again.

What happens when someone forks my Repl?

A forked Repl will contain the keys, but not the values, of the secrets/environment variables from the original Repl it was forked from.