Secrets
The Secrets workspace tool lets you securely store sensitive information your app needs as encrypted environment variables.
The Secrets tool stores and encrypts your Replit App’s sensitive information, such as API keys, authentication tokens, and database connection strings.
When you add a secret, the tool automatically encrypts the data and makes it available to your Replit App as an environment variable. This approach lets you eliminate hard-coding secrets in your code and reduce the risk of exposing them.
Hard-coding secrets in your codebase can lead to accidental exposure in the following scenarios:
- Sharing your code with others through a public Replit App or copy-paste
- Checking your code into version control in a public repository
- Live streaming or screen sharing your code
Use the Secrets tool to confidently share your code without worrying about exposing credentials.
Features
Secrets include the following features:
- End-to-end encryption: Automatically protect your data using AES-256 encryption at rest and TLS encryption in transit
- App-level secrets: Store and manage secrets that are specific to a Replit App
- Account-level secrets: Store and manage secrets that you can make available across all your Replit Apps
- Environment variable access: Access your secrets from your code using environment variables
- Collaborative access: Share secrets with collaborators and team members
Usage
Secrets are available for all deployment types except Static Deployments.
You can access Secrets in the Secrets workspace tool.
Manage App Secrets
You can manage your app-level secrets in the App Secrets tab in the Secrets pane. This tab displays a list of all secrets associated with your Replit App.
Manage Account Secrets
You can manage your account-level secrets in the Account Secrets tab in the Secrets pane. This tab displays only the secrets associated with your Replit account.
Access secrets in your code
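Added example (not Replit's own code): secrets reach your app as ordinary environment variables, and printing the environment reveals their values. This Python code reads a required secret with a fail-fast error that names only the variable, and builds a redacted listing to use in place of raw printenv output when sharing or streaming. The helper names, the SENSITIVE_HINTS name patterns and the sample URL are assumptions, not part of Replit's API.

```python
import os
from urllib.parse import urlsplit, urlunsplit

# Assumed naming convention for sensitive variables; adjust to your own names.
SENSITIVE_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD")
MASK = "***"


class MissingSecret(RuntimeError):
    """Raised when a required secret is absent; the message holds no value."""


def require_secret(name, env=None):
    """Return the secret's value, or fail fast naming only the variable."""
    env = os.environ if env is None else env
    value = env.get(name, "")
    if not value.strip():
        raise MissingSecret(f"{name} is not set; add it in the Secrets tool")
    return value


def mask_url_password(value):
    """Mask the password in URL-shaped values such as DATABASE_URL."""
    try:
        parts = urlsplit(value)
    except ValueError:
        return MASK  # unparseable URL: hide it rather than risk a leak
    userinfo, at, hostport = parts.netloc.rpartition("@")
    user, colon, _password = userinfo.partition(":")
    if not (at and colon):
        return value
    return urlunsplit(parts._replace(netloc=f"{user}:{MASK}@{hostport}"))


def redacted_env(env=None):
    """Environment listing that is safe to print, share or screen-record."""
    env = os.environ if env is None else env
    return {
        name: MASK if any(h in name.upper() for h in SENSITIVE_HINTS)
        else mask_url_password(value)
        for name, value in sorted(env.items())
    }


if __name__ == "__main__":
    # Constructed sample value so the URL masking is visible in any environment.
    sample = {"DATABASE_URL": "postgresql://app:s3cr3t@db.example.internal:5432/appdb"}
    for name, value in redacted_env({**sample, **os.environ}).items():
        print(f"{name}={value}")
```

Name-based masking is a heuristic: a secret stored under a name that matches none of the hints and is not URL-shaped is printed as-is, so extend SENSITIVE_HINTS to cover your own naming.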
Managing secrets visibility
Secrets visibility depends on your access to a Replit App and whether you authored it.
You can use one of the following options to share your Replit App:
- Multiplayer: Invite Replit users to collaborate in real-time
- Cover page: Show a preview of your Replit App with the option to remix it
- Remix: Make your individual or organization’s Replit App public so others can create their version
The following table shows secret name and value visibility in the different scenarios:
Access Method | Who | Can See Names | Can See Values |
---|---|---|---|
Multiplayer | Multiplayer collaborator | ✓ | ✓ |
Multiplayer | Organization member (Owner role) | ✓ | ✓ |
Multiplayer | Organization member (Non-owner) | ✓ | |
Cover Page | Any visitor | | |
Remix | Owner/collaborator remixing own Replit App | ✓ | ✓ |
Remix | Non-owner/collaborator remixing Replit App | ✓ | |
Remix | Anyone remixing from cover page | ✓ | |
Organization Remix | Organization member with Owner role | ✓ | ✓ |
Organization Remix | Organization member without Owner role | ✓ | |
Organization members without the Owner role cannot view secret values in a Replit App, but can access their values by printing the environment variables.
Database and storage related secrets
When you add Replit’s database or object storage, the workspace automatically creates the following secrets:
Secret | Description |
---|---|
DATABASE_URL | SQL database connection string |
PGHOST | PostgreSQL hostname |
PGUSER | PostgreSQL username |
PGPASSWORD | PostgreSQL password |
PGDATABASE | PostgreSQL database name |
PGPORT | PostgreSQL port |
To view all environment variables in your Replit App, run printenv in the Shell workspace tool or print them from your code.
Predefined environment variables
Replit automatically sets the following environment variables that you can access from your app:
Environment Variable | Description |
---|---|
REPLIT_DOMAINS | Comma-separated list of all domains associated with your Replit App |
REPLIT_USER | Username of the current editor, which may vary in Multiplayer sessions |
REPLIT_DEPLOYMENT | Set to 1 if the code is running in a deployment, unset otherwise |
REPLIT_DEV_DOMAIN | Development URL on the replit.dev domain, which is different from the Deployment URL |
These are not listed in the Secrets tool, but you can access them in your code using the os.environ object or running printenv in the Shell.