Environment variables let you configure your installations without changing code. They’re perfect for API keys, database URLs, and other configuration that changes between environments.

Managing Variables

1

Open Environment

Go to the Environments tab and select your environment
2

Select Installation

Find your installation and click the settings button
3

Configure Variables

In the Environment Variables section, you can:
  • Add new variables with name and value
  • Remove existing variables
  • Mark variables as sensitive
  • Import variables in bulk from .env format
Use UPPERCASE_WITH_UNDERSCORES format for environment variable names (e.g., DATABASE_URL, API_KEY).

Importing Environment Variables

You can import multiple environment variables at once using standard .env file format:
1

Click Import

In the Environment Variables section, click the Import button
2

Paste Variables

Paste your environment variables in .env format:
# Database configuration
DATABASE_URL=postgres://user:password@localhost:5432/mydb
DATABASE_POOL_SIZE=10

# API configuration
API_KEY=your-secret-key
DEBUG_MODE=false
3

Review and Import

Review the variables and click Import to add them to your installation

Supported Format

The import feature supports standard .env file format:
  • Each line should contain a single variable in KEY=VALUE format
  • Comments (lines starting with #) are ignored
  • Empty lines are ignored
  • Values can be quoted (both single and double quotes are supported)
Imported variables are added to your existing variables. If a variable with the same name already exists, the imported value will replace the existing one.

Sensitive Environment Variables

Sensitive environment variables provide an extra layer of security for sensitive values like API keys and passwords.
To mark a variable as sensitive, toggle the lock icon when creating or editing the variable.

End-to-End Encryption

Your sensitive values are encrypted immediately when saved. Only your running installation can decrypt and use these values.

Zero-Knowledge Design

The encrypted values are stored only on your installation. Not even Ryvn’s system can decrypt them, and they’re never displayed in the dashboard.

Value Updates

When you update a sensitive value, Ryvn ensures the change is processed reliably and atomically. The new value is securely encrypted and deployed to your installation, while the old value is securely destroyed in the process. This synchronous update process guarantees that your installation always has access to the correct secret values without any risk of race conditions or inconsistencies.