Skip to content

Environment & secrets

Services are configured through environment variables. Values marked as secrets are stored encrypted and hidden until explicitly revealed.

  1. Open a service and go to its Environment tab.
  2. Add a variable — a key and value.
  3. Toggle Secret for sensitive values (API keys, passwords) so they’re stored encrypted and masked in the UI.
  4. Save, then redeploy for the change to take effect.

The Env tab of a service

Secret values are write-only by default and shown masked. Reveal one deliberately when you need to read it back.

Variables can also be defined at the project level and inherited by every service in the project — handy for shared configuration. Service-level variables override project-level ones of the same name. Manage these from the project’s Variables panel.

Environment changes take effect on the next deploy. Trigger one from the service’s Deployments tab (or bitsreef deploy rebuild).

Terminal window
bitsreef env set DATABASE_URL "postgres://…" --service web
bitsreef env set API_KEY "sk_live_…" --service web --secret
bitsreef env list --service web
bitsreef env reveal API_KEY --service web
# Or set variables inline at deploy time:
bitsreef up -p my-project -n web -i my/app:tag --env PORT=8080 --env LOG_LEVEL=info