BIENVENUE10valid for the first month only! on all offersView plans
Skip to content
← Knowledge base

Manage your app's environment variables

Add, edit and secure your environment variables (API keys, secrets) from the panel.

Manage your app’s environment variables

Environment variables store an application’s sensitive or variable configuration (API keys, database URLs, session secrets, tokens). On onesubnet Cloud, they are managed from the panel and injected into the runtime at startup.

Cause / The problem

Hard-coding a secret in the source code (Git commit) makes it visible to everyone and impossible to rotate. Environment variables separate configuration from code and let you change a key without redeploying the application.

Solution

  1. Open your app in the Cloud panel → Environment / Variables tab.
  2. Add a variable: name (e.g. DATABASE_URL), value, then confirm. Names follow the UPPERCASE_WITH_UNDERSCORES convention.
  3. Common variable types:
    • Connections: DATABASE_URL, REDIS_URL.
    • Auth: JWT_SECRET, SESSION_SECRET.
    • Third-party APIs: STRIPE_SECRET_KEY, DISCORD_TOKEN, SMTP_PASSWORD.
    • Runtime: NODE_ENV=production, PORT=3000, LOG_LEVEL=info.
  4. Mark secrets as sensitive if the panel offers the Secret / Masked option: the value is hidden in the UI and never appears in logs.
  5. Access the variables in your code depending on the runtime:
    • Node.js / Bun / Deno: process.env.DATABASE_URL.
    • Python: os.environ["DATABASE_URL"] or via python-dotenv locally.
    • Go: os.Getenv("DATABASE_URL").
    • Java: System.getenv("DATABASE_URL").
    • C# (.NET): Environment.GetEnvironmentVariable("DATABASE_URL") or IConfiguration.
    • Elixir: System.get_env("DATABASE_URL").
    • Dart: Platform.environment["DATABASE_URL"].
    • Rust: std::env::var("DATABASE_URL").
  6. Restart the app after changes: variables are injected at boot, not hot-reloaded.
  7. Rotation: change the value, restart, and the old key stops being used. For a Stripe API key or a JWT secret, rotate every 6-12 months.
  8. Never commit a .env to Git. Locally, use a .env ignored by .gitignore; in production, the panel is the only source.

To share the same configuration across environments (preview, prod), duplicate variables via the panel’s import/export tool. A compromised production secret must be revoked at the provider (Stripe, Discord…) and replaced, not just removed from the panel.

Related products

Node.js Python Go Java Rust Bun

Similar articles

Deploy a Bun application on onesubnet

Deploy a JavaScript app with Bun: install, start, port and environment variables.

Deploy a Dart application on onesubnet

Deploy a Dart backend (shelf / dart_frog): dependencies, run, port and environment variables.

Deploy a C# .NET application on onesubnet

Deploy ASP.NET / .NET services: dotnet build, run the DLL, port and environment variables.

Connect to your database remotely

Retrieve host, port and credentials, then authorize your client IP in the panel.
oneSubnet

French hosting provider in Paris. High-performance game and voice servers.

FREN

SERVICES

Game ServersVoice ServersGameBox ServicesCloud Services

Resources

Knowledge baseBlogSitemap

LEGAL

Legal NoticeTerms of ServicePrivacy PolicyProhibited ActivitiesReferral program

© 2026 oneSubnet. All rights reserved.

All systems operational