Environment Variables
Backends read their configuration — PocketBase URLs, API keys, third-party secrets — from environment variables. PocketBase Cloud stores them encrypted at rest and injects them into your container at startup, so secrets never live in your code or your ZIP archive.
Adding variables
- Open your backend and go to the Env Vars page
- Click Add Variable, enter a key and value
- Save
You can also paste an entire .env file to set many variables at once —
each KEY=value line becomes one variable.
Using variables in your code
Variables are available through the standard runtime APIs:
// Node.js / Bun / Next.js
const apiKey = process.env.STRIPE_SECRET_KEY;
// Deno
const apiKey = Deno.env.get("STRIPE_SECRET_KEY");
Applying changes
Environment variables are injected when the container starts. After adding or changing variables, redeploy (or restart) the backend for the new values to take effect.
Reserved variables
PocketBase Cloud manages a few variables for you:
PORT— the port your app must listen on. Don’t override it; read it and bind to it.
Deployments created from a template
also come pre-configured with POCKETBASE_URL, ENV, and CORS settings
pointing at the template’s PocketBase instance.
Security notes
- Values are encrypted at rest and only decrypted when your container starts
- Values are write-only in the dashboard — treat them like a password manager entry and keep a copy of anything you can’t regenerate
- Prefer environment variables over committing secrets to your repository, even for “temporary” testing