Docs/Deployments/Environment Variables

Environment Variables

Configure your app with environment variables. Your AI assistant handles the setup — just tell it what your app needs.

Your AI Assistant Manages This

Environment variables are defined in your nexlayer.yaml file under the vars section. Just tell your AI assistant what environment variables your app needs, and it will configure them correctly.

Basic Usage

Environment variables are defined per-pod in your nexlayer.yaml:

nexlayer.yaml

application:
  name: my-app

pods:
  - name: api
    image: myuser/api:latest
    path: /api
    servicePorts: [3000]
    vars:
      NODE_ENV: production
      LOG_LEVEL: info
      API_KEY: your-api-key

Connecting Services

The most common use of environment variables is connecting your services together. Use Nexlayer's internal DNS to reference other pods:

Database Connection

pods:
  - name: postgres
    image: postgres:15
    servicePorts: [5432]
    vars:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: secretpassword
      POSTGRES_DB: myapp

  - name: api
    image: myuser/api:latest
    servicePorts: [3000]
    vars:
      # Reference postgres using internal DNS
      DATABASE_URL: postgresql://postgres:secretpassword@postgres.pod:5432/myapp

Format: <pod-name>.pod:<port>

Common Patterns

Database Connections

# PostgreSQL
DATABASE_URL: postgresql://user:pass@postgres.pod:5432/mydb

# MySQL
DATABASE_URL: mysql://user:pass@mysql.pod:3306/mydb

# MongoDB
MONGODB_URI: mongodb://user:pass@mongo.pod:27017/mydb

# Redis
REDIS_URL: redis://redis.pod:6379

API Connections

# Internal API
API_URL: http://api.pod:3000

# Frontend to Backend
NEXT_PUBLIC_API_URL: http://backend.pod:8080

External Services

# Third-party APIs
STRIPE_SECRET_KEY: sk_live_...
OPENAI_API_KEY: sk-...
SENDGRID_API_KEY: SG...

# OAuth
GITHUB_CLIENT_ID: ...
GITHUB_CLIENT_SECRET: ...

Secrets

For sensitive values like API keys, tokens, and certificates, use the secrets field instead of vars. Secrets are stored securely by Nexlayer and injected at runtime.

nexlayer.yaml — secrets

pods:
  - name: api
    image: myuser/api:latest
    servicePorts: [3000]
    secrets:
      # Variable type (default) — injected as env var
      - name: STRIPE_SECRET_KEY

      # File type — mounted at /var/secrets/tls-cert
      - name: tls-cert
        type: file
        fileName: cert.pem

Variable (default)

Injected as an environment variable. Access with process.env.STRIPE_SECRET_KEY.

File

Mounted as a read-only file at /var/secrets/{name}. For TLS certs, SSH keys, etc.

You can leave data empty in the YAML and set the value later in the dashboard under Deployments → Secrets. Secret values are never stored in the YAML — only in Nexlayer.

Security Note

Use secrets instead of vars for sensitive values. Secrets are stored securely by Nexlayer and never committed to version control.

Tip: Tell your AI assistant "use secrets for sensitive values" and it will configure them correctly in your nexlayer.yaml.

Framework-Specific Notes

Next.js

For client-side variables, prefix with NEXT_PUBLIC_:

vars:
  # Server-side only
  DATABASE_URL: postgresql://...

  # Available in browser
  NEXT_PUBLIC_API_URL: https://api.example.com

Vite / React

For client-side variables, prefix with VITE_:

vars:
  VITE_API_URL: https://api.example.com

Next Steps

Custom Domains →Scaling →