Environment Variables

Store API keys, tokens, and secrets securely. Access them in your generated tools at runtime.

Secure by design: Variables are encrypted at rest and only injected into your tools when they execute. Values are never visible after saving.

Quick Start

Add variables in .env format:

OPENAI_API_KEY=sk-...
STRIPE_SECRET_KEY=sk_live_...
DATABASE_URL=postgres://...
WEBHOOK_SECRET=whsec_...

Adding Environment Variables

Step 1: Navigate to Settings

Go to Settings → Environment in your dashboard.

Step 2: Add Variables

You can add variables in two ways:

Option A: Paste .env Format

  1. Click "Add variables"
  2. Paste your variables in .env format:
API_KEY=your-key-here
SECRET_TOKEN=your-token-here
  1. Click "Add" to parse the variables
  2. Review the parsed variables
  3. Click "Save" to store them

Option B: Add One at a Time

Add variables individually using the same .env format, one per line.

Step 3: Verify

After saving, your variables appear in the "Saved Variables" list. Note that you can only see a preview (first 4 characters) for security reasons.

Important: Once saved, variable values cannot be viewed again. To update a variable, delete it and add it again with the new value.

Using Variables in Your Tools

Access your environment variables in generated tool code using env.YOUR_KEY_NAME:

const apiKey = env.OPENAI_API_KEY;
const stripeKey = env.STRIPE_SECRET_KEY;

// Use the key in API calls
const response = await fetch('https://api.example.com/data', {
  headers: {
    'Authorization': `Bearer ${apiKey}`
  }
});

How It Works

  1. When you generate a tool, anytool knows which env vars you have
  2. When the tool executes, variables are injected as env object
  3. Your tool code accesses them via env.VARIABLE_NAME

Common Use Cases

API Keys

Store API keys for external services:

OPENAI_API_KEY=sk-...
STRIPE_SECRET_KEY=sk_live_...
SENDGRID_API_KEY=SG....
TWILIO_AUTH_TOKEN=...

Database URLs

Store database connection strings:

DATABASE_URL=postgres://user:pass@host:5432/db
REDIS_URL=redis://localhost:6379

Webhook Secrets

Store secrets for verifying webhooks:

WEBHOOK_SECRET=whsec_...
GITHUB_WEBHOOK_SECRET=your-secret

OAuth Tokens

Store OAuth tokens and refresh tokens:

GMAIL_TOKEN=ya29....
SLACK_BOT_TOKEN=xoxb-...

Special Case: OPENROUTER_APIKEY

If you add OPENROUTER_APIKEY, anytool will use it for AI model calls during tool generation. You'll be billed directly by OpenRouter/OpenAI instead of anytool.

See the full guide: Using Your Own OpenRouter Key

Security

Encryption

  • All variables are encrypted at rest
  • Values are only decrypted when injected into executing tools
  • Values cannot be viewed after saving (only preview shown)

Best Practices

  • Never commit keys: Always use environment variables, never hardcode secrets in tool code
  • Use descriptive names: Use clear, consistent naming like STRIPE_SECRET_KEY not SECRET1
  • Rotate regularly: Update keys periodically and delete old ones
  • Principle of least privilege: Only add keys your tools actually need

What Happens to Your Keys

  1. You add a variable via Settings → Environment
  2. It's encrypted and stored securely
  3. When a tool runs, the variable is injected as env.KEY_NAME
  4. The tool can access it but cannot modify or expose it (beyond what your code does)

Managing Variables

Viewing Variables

In Settings → Environment, you can see all your saved variables with:

  • Variable name
  • Creation date
  • Value preview (first 4 characters)

Updating Variables

To update a variable:

  1. Delete the existing variable
  2. Add it again with the new value

Deleting Variables

Click the trash icon next to any variable to delete it. This action is permanent.

Troubleshooting

Variable Not Found in Tool

If your tool can't access a variable:

  1. Verify the variable name matches exactly (case-sensitive)
  2. Check it's saved in Settings → Environment
  3. Ensure you're accessing it as env.VARIABLE_NAME (uppercase convention)

Value Seems Wrong

If your tool is getting unexpected values:

  1. Check for extra spaces or quotes around the value
  2. Verify the variable was saved correctly (delete and re-add if needed)
  3. Test with a simple tool that just returns the env value

Parsing .env Format

If variables aren't parsing correctly:

  • Use format: KEY=value (no spaces around =)
  • Omit quotes unless they're part of the value
  • Comments (lines starting with #) are ignored
  • Empty lines are ignored

Examples

Example: Using Stripe API

1. Add to environment:

STRIPE_SECRET_KEY=sk_live_51AbCdEf...

2. Use in tool code:

const stripeKey = env.STRIPE_SECRET_KEY;

const response = await fetch('https://api.stripe.com/v1/charges', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${stripeKey}`,
    'Content-Type': 'application/x-www-form-urlencoded'
  },
  body: 'amount=1000&currency=usd'
});

Example: Connecting to Database

1. Add to environment:

DATABASE_URL=postgres://user:pass@host:5432/dbname

2. Use in tool code:

const dbUrl = env.DATABASE_URL;
// Use dbUrl to connect to your database

Next Steps