Environment Variables
Scan your repositories, review detected variables, and keep your app's runtime configuration in sync with Devpilot.
Devpilot handles environment variables differently from most deploy platforms: instead of only storing a manual list of key/value pairs, it scans your repository to find every variable your code actually references, classifies each one, and then lets you fill in the values that are missing. This page explains how the workflow behaves end-to-end.
The env var model
Each app has two complementary collections:
Detected variables
Variables Devpilot found by scanning your repo. Stored with their source file, default value, classification, category, and AI-generated description.
Configured values
The values you have actually set for this app, either typed in the dashboard, imported from a .env file, or synced from the server.
When you open the Environment Variables tab for an app, Devpilot merges both collections and shows them side by side so you can tell at a glance which variables are still missing a value.
Running a scan
A scan reads the latest completed repository scan for the app, extracts every environment variable reference, and writes the results into the detected-variables table.
Open the Environment Variables tab
Navigate to the app and click Environment Variables.
Click Scan
Devpilot kicks off a scan that walks through the files in your latest repo scan, classifies every variable, and stores the results. Scans are rate-limited to 10 per minute per app, so successive scans will wait if you trigger them in quick succession.
Review the results
After the scan completes you will see:
- Detected — every variable found, with its source file and default value if present in the code (for example
.env.example). - New — variables that are new compared to the previous scan.
- Missing required — variables the classifier considers required but that do not yet have a configured value.
If you see No completed repository scan found, run a repository scan first from the app's Source Control tab. Env var scanning relies on that output.
What Devpilot records for each variable
For every detected variable Devpilot stores:
| Field | Description |
|---|---|
| Name | The variable identifier (for example DATABASE_URL). |
| Source and Source file | Where the reference was found in your repo. |
| Default value | Default read from .env.example or similar, if present. |
| Current value | The value currently configured for the app, if any. |
| Classification | Required vs. optional, based on how the variable is used. |
| Type | Data shape hint (string, URL, number, boolean, etc.). |
| Category | Grouping such as database, auth, mail, or integration. |
| AI description | A short plain-language explanation of what the variable does. |
| Validation rule | Optional rule Devpilot uses when you enter a value. |
| Is configured | Whether a value has been set. |
| Is secret | Whether Devpilot treats the value as sensitive and masks it. |
| Is flagged / flag reason | Marks variables that need attention (missing, conflicting, etc.). |
Setting values
Pick the variable
In the Environment Variables list, find the variable you want to set. Missing values are clearly marked.
Enter the value
Click into the value field and type the value you want. Variable names must start with a letter or underscore and contain only letters, numbers, and underscores.
Mark as encrypted (optional)
Toggle Encrypted if the value is sensitive. Encrypted values are masked in the dashboard.
Save
Save the row. Devpilot updates the configured value immediately; the new value is written to the server on the next deploy.
Bulk setting values
To set many variables at once, use Bulk Set. You can submit up to 200 key/value pairs in one action, each with its own encryption flag. Variable names are validated against the same pattern.
Importing from a .env file
Instead of typing every variable, paste your existing .env file content.
Click Import
In the Environment Variables tab, choose Import.
Paste the contents
Paste up to 64 KB of .env content in the standard format:
DATABASE_URL=postgres://user:pass@host:5432/mydb
REDIS_URL=redis://localhost:6379
APP_SECRET=your-secret-value-here
APP_ENV=productionBlank lines and lines beginning with # are ignored.
Review and confirm
Devpilot parses the content, shows what will be created or overwritten, and commits the changes when you confirm.
Exporting
Click Export to receive the current configured values as a .env-formatted string. This is handy for seeding a new environment or backing up values locally.
Preflight checks
Before a deploy, Devpilot can run a preflight check that reports any variables the classifier marks as required but that are still unset, flagged, or invalid. You can trigger this check manually from the Environment Variables tab and it also runs automatically as part of deployments when enabled.
Scan history
The Scans view records every scan Devpilot has run for the app, along with:
- Who (or what) triggered it (user ID, webhook, or scheduled job)
- The trigger type
- Final status
- Counts for detected, missing, and newly-found variables
- Any error message if the scan failed
How values reach your server
When a deployment runs, Devpilot writes the merged set of configured values into the .env file inside the app's project path on the assigned server. Deployment hooks and the application process read the file at boot, so:
- Changing a value in Devpilot does not affect the running app until the next deploy.
- Encrypted values are only decrypted at deploy time and never logged.
- If you edit the server-side
.envdirectly, your change will be overwritten on the next Devpilot deploy.
Best practices
- Scan early, scan often. Re-scan after large feature branches merge so Devpilot can detect newly-referenced variables.
- Encrypt anything sensitive. Treat database credentials, API keys, signing secrets, and OAuth client secrets as secrets.
- Use separate apps per environment. Production, staging, and preview apps should hold their own values — never reuse production secrets elsewhere.
- Review flagged variables. A flagged variable means Devpilot thinks something is off (missing, invalid, or duplicated). Resolve these before deploying.
- Back up secrets externally. Once encrypted, Devpilot will not show you the raw value again. Keep a copy in your secret manager.