Environment variables in BCMS
Environment variables in BCMS let you securely store configuration values such as API keys, database credentials, and service tokens. These values are injected into your functions and can be managed per instance.
Accessing environment variables
Go to your BCMS instance dashboard
Click Settings
Select Environment variables from the side menu

You can also go directly to: /settings/env-vars
Interface overview
Left panel – List of variables
Displays all existing environment variables
Shows “No environment variables” when empty
Clicking an item selects it and highlights it
Button at the top: Add new variable
Right panel – Detail view
Shows selected variable’s name and value (masked)
Used for editing or creating variables
Displays “No environment variables” when nothing is selected
Managing environment variables
Add a new variable
Click Add new variable
Fill in the form:
Name: For example,
API_KEY
,DATABASE_URL
Value: For example,
sk-123456...
,postgres://...
Click Add variable to save
Or click Cancel to discard
Validation rules
Name is required
Value is required
Names must be unique within the instance
Edit a variable
Select a variable from the list
Update the name or value
Click Update variable to save
Click Cancel to discard changes
Delete a variable
Select the variable
Click the Delete button (trash icon)
Confirm the action in the dialog
⚠️ Deleting a variable is irreversible
Security features
Variable values are hidden by default (password field)
Data is securely stored and encrypted
Only users with the Admin role can manage environment variables
All changes are synced in real time via WebSocket
Usage in functions
Environment variables are automatically available in BCMS functions:
process.env.MY_SECRET_KEY;
You can use them for authenticating requests, connecting to third-party APIs, managing service credentials, and more.
Best practices
Naming
Use uppercase with underscores:
MY_API_KEY
Be descriptive:
STRIPE_SECRET_KEY
, not justKEY
Include service names:
GOOGLE_ANALYTICS_ID
,SUPABASE_URL
Organization
Group variables by service using common prefixes
Remove unused variables regularly
Keep a separate internal doc for what each variable does
Security
Never commit environment variables to version control
Use strong, unique secrets
Rotate credentials periodically
Limit variable access to Admins only
Troubleshooting
Variable not available?
Double-check spelling
Confirm the variable was saved
Ensure you have Admin permissions
Duplicate names?
Each variable name must be unique
Check the list before adding new ones
Permission errors?
Only Admins can create, edit, or delete environment variables
Ask an Admin to update your role if needed