Environment Variables: The Right Way to Configure Self-Hosted Apps
API keys, database passwords, and configuration flags — learn how environment variables keep your self-hosted apps secure and portable.
What Are Environment Variables?
Environment variables are key-value pairs that configure an application from outside its code. Instead of hardcoding a database password in your source code, you set it as an environment variable that the application reads at runtime.
Why Environment Variables Matter
Security
Secrets like API keys and database passwords should never be in source code. Environment variables keep them separate and out of version control.
Portability
The same application image can run in development, staging, and production with different configurations — just change the environment variables.
Simplicity
No need to edit config files inside containers. Set the variable, restart the app, done.
Common Environment Variables
Database Connection
Authentication
External Services
Application Settings
Best Practices
Use Strong Random Values
For secrets and keys, generate strong random values. Use openssl rand -base64 32 or a password generator. Never use "password123" or "changeme."
Don't Commit .env Files
Add .env to your .gitignore. Use .env.example with placeholder values to document required variables.
Rotate Secrets Regularly
Change API keys and passwords periodically. If a secret might be compromised, rotate it immediately.
Separate Secrets from Config
Not all environment variables are secrets. LOG_LEVEL=info is configuration. DATABASE_PASSWORD=xyz is a secret. Treat them differently — secrets need encryption at rest.
Use Descriptive Names
DATABASE_URL is clear. DB_U is not. Future you will thank present you.
Environment Variables on TinyPod
TinyPod provides a secure environment variable editor for every deployed application:
No SSH, no file editing, no docker commands. Just set your variables and deploy.