Environment variables in BCMS

Environment variables in BCMS let you securely store configuration values such as API keys, database credentials, and service tokens. These values are injected into your functions and can be managed per instance.


Accessing environment variables

  1. Go to your BCMS instance dashboard

  2. Click Settings

  3. Select Environment variables from the side menu

CleanShot 2025-07-07 at 14.22.16@2x.jpg

You can also go directly to: /settings/env-vars


Interface overview

Left panel – List of variables

  • Displays all existing environment variables

  • Shows “No environment variables” when empty

  • Clicking an item selects it and highlights it

  • Button at the top: Add new variable

Right panel – Detail view

  • Shows selected variable’s name and value (masked)

  • Used for editing or creating variables

  • Displays “No environment variables” when nothing is selected


Managing environment variables

Add a new variable

  1. Click Add new variable

  2. Fill in the form:

    • Name: For example, API_KEY, DATABASE_URL

    • Value: For example, sk-123456..., postgres://...

  3. Click Add variable to save

  4. Or click Cancel to discard

Validation rules

  • Name is required

  • Value is required

  • Names must be unique within the instance


Edit a variable

  1. Select a variable from the list

  2. Update the name or value

  3. Click Update variable to save

  4. Click Cancel to discard changes


Delete a variable

  1. Select the variable

  2. Click the Delete button (trash icon)

  3. Confirm the action in the dialog

⚠️ Deleting a variable is irreversible


Security features

  • Variable values are hidden by default (password field)

  • Data is securely stored and encrypted

  • Only users with the Admin role can manage environment variables

  • All changes are synced in real time via WebSocket


Usage in functions

Environment variables are automatically available in BCMS functions:

process.env.MY_SECRET_KEY;

You can use them for authenticating requests, connecting to third-party APIs, managing service credentials, and more.


Best practices

Naming

  • Use uppercase with underscores: MY_API_KEY

  • Be descriptive: STRIPE_SECRET_KEY, not just KEY

  • Include service names: GOOGLE_ANALYTICS_ID, SUPABASE_URL

Organization

  • Group variables by service using common prefixes

  • Remove unused variables regularly

  • Keep a separate internal doc for what each variable does

Security

  • Never commit environment variables to version control

  • Use strong, unique secrets

  • Rotate credentials periodically

  • Limit variable access to Admins only


Troubleshooting

Variable not available?

  • Double-check spelling

  • Confirm the variable was saved

  • Ensure you have Admin permissions

Duplicate names?

  • Each variable name must be unique

  • Check the list before adding new ones

Permission errors?

  • Only Admins can create, edit, or delete environment variables

  • Ask an Admin to update your role if needed