Environment Variables & Secrets Management
Environment variables let you separate configuration from code, keeping sensitive data like API keys, database passwords, and third-party tokens out of your source control. GoSiteMe and GoCodeMe IDE provide multiple layers for managing environment variables securely.
Where to Define Environment Variables
| Scope | Location | Use Case |
|---|---|---|
| Project | .env file in project root | Development defaults, non-sensitive config |
| Hosting | Dashboard → Hosting → Environment | Production variables for your live site |
| CI/CD | Project Settings → CI/CD → Variables | Build-time secrets (API keys, tokens) |
| GoCodeMe IDE | Settings → Terminal → Env Variables | IDE-specific variables for local development |
Using .env Files
Create a .env file in your project root:
DATABASE_URL=mysql://user:pass@localhost/mydb
API_KEY=sk-abc123
DEBUG=trueImportant: Always add .env to your .gitignore file so secrets are never committed to version control. Include a .env.example file with placeholder values for team reference.
Hosting Environment Variables
- Navigate to Dashboard → Hosting → Environment Variables.
- Click Add Variable.
- Enter the key and value. Toggle Encrypted if the value is sensitive—encrypted values are stored with AES-256 and only decrypted at runtime.
- Click Save. Variables are available to your application immediately without a restart.
Accessing Variables in Code
- PHP:
$_ENV['API_KEY']orgetenv('API_KEY') - Node.js:
process.env.API_KEY - Python:
os.environ['API_KEY']
Secrets Best Practices
- Never hardcode secrets in your source code—always reference environment variables.
- Rotate API keys and tokens every 90 days.
- Use different values for development, staging, and production environments.
- Limit access to production secrets to only team members who need them.
- Audit environment variable access logs under Account → Security → Audit Log.
Alfred Integration
You can ask Alfred to manage variables:
- "Alfred, set the STRIPE_KEY environment variable on production."
- "Alfred, list all environment variables for my staging site."
- "Alfred, rotate the database password and update the environment variable."