# Environment variables in BCMS Environment variables in BCMS let you securely store configuration values such as API keys, database credentials, and service tokens. These values are injected into your [functions](/docs/extending/functions) and can be managed per instance. --- ## Accessing environment variables 1. Go to your BCMS instance dashboard 2. Click Settings 3. Select Environment variables from the side menu ![](https://app.thebcms.com/api/v3/org/620528baca65b6578d29868d/instance/670e90c0cedcf9e4d34d1a23/media/686bbc16d584eab8e2effa81/bin2/CleanShot%202025-07-07%20at%2014.22.16%402x.jpg?apiKey=670e90c0cedcf9e4d34d24e7.a2132a1499ac4abf17c3c3183070d09975292fb5fe5c0f15d2d8c9288171554b) You can also go directly to: /settings/env-vars --- ## Interface overview ### Left panel – List of variables - Displays all existing environment variables - Shows “No environment variables” when empty - Clicking an item selects it and highlights it - Button at the top: Add new variable ### Right panel – Detail view - Shows selected variable’s name and value (masked) - Used for editing or creating variables - Displays “No environment variables” when nothing is selected --- ## Managing environment variables ### Add a new variable 1. Click Add new variable 2. Fill in the form:Name: For example, API_KEY, DATABASE_URL 3. Value: For example, sk-123456..., postgres://... 4. Click Add variable to save 5. Or click Cancel to discard #### Validation rules - Name is required - Value is required - Names must be unique within the instance --- ### Edit a variable 1. Select a variable from the list 2. Update the name or value 3. Click Update variable to save 4. Click Cancel to discard changes --- ### Delete a variable 1. Select the variable 2. Click the Delete button (trash icon) 3. Confirm the action in the dialog ⚠️ Deleting a variable is irreversible --- ## Security features - Variable values are hidden by default (password field) - Data is securely stored and encrypted - Only users with the Admin role can manage environment variables - All changes are synced in real time via WebSocket --- ## Usage in functions Environment variables are automatically available in BCMS functions: ```TYPESCRIPT process.env.MY_SECRET_KEY; ``` You can use them for authenticating requests, connecting to third-party APIs, managing service credentials, and more. --- ## Best practices ### Naming - Use uppercase with underscores: MY_API_KEY - Be descriptive: STRIPE_SECRET_KEY, not just KEY - Include service names: GOOGLE_ANALYTICS_ID, SUPABASE_URL ### Organization - Group variables by service using common prefixes - Remove unused variables regularly - Keep a separate internal doc for what each variable does ### Security - Never commit environment variables to version control - Use strong, unique secrets - Rotate credentials periodically - Limit variable access to Admins only --- ## Troubleshooting ### Variable not available? - Double-check spelling - Confirm the variable was saved - Ensure you have Admin permissions ### Duplicate names? - Each variable name must be unique - Check the list before adding new ones ### Permission errors? - Only Admins can create, edit, or delete environment variables - Ask an Admin to update your role if needed --- ## Read next [Using Functions in BCMS](/docs/extending/functions) [Using BCMS Webhooks](/docs/extending/webhooks)