Environment Variables

Configure secrets and runtime settings for your deployments.

Auto-injected variables

Hatch automatically injects these environment variables into every deployment:

PORT: The port your egg should listen on
NODE_ENV: Set to production for production deploys
HATCH_APP_NAME: The name of your deployed project
DATABASE_URL: Connection string (when a database is provisioned)

Setting custom variables

Set environment variables using the CLI:

# Set a variable
hatch env set API_KEY=sk-my-secret

# Set multiple variables
hatch env set DB_HOST=db.example.com DB_PORT=5432

# Import from a .env file
hatch env set --from-env .env

# List all variables (sensitive values are masked)
hatch env

# List with full secret values visible
hatch env --show-secrets

# Remove a variable
hatch env unset API_KEY

Secrets

Environment variables are encrypted at rest and only decrypted during build and at runtime. By default, hatch env masks sensitive values (passwords, tokens, keys, DSNs). Use --show-secrets to reveal full values. The MCP tools get_env and list_env_vars also accept a show_secrets parameter.
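
Once decrypted at runtime, the values are plaintext inside your process, so application logs are where they most easily leak. The following is an added example, not Hatch's own code: a Node.js startup routine that validates the auto-injected variables and logs only a redacted copy. The function names and the sample environment are assumptions made for the illustration.

```javascript
// Added example. Only PORT, NODE_ENV, HATCH_APP_NAME and DATABASE_URL come
// from the page; every function name here is hypothetical.

// Replace the password in a connection URL so the result can be logged.
function redactUrl(value) {
  try {
    const u = new URL(value);
    if (u.password) u.password = '***';
    return u.toString();
  } catch {
    return '***'; // not parseable as a URL: hide the whole value
  }
}

// Validate the injected variables once at startup and fail fast.
function loadConfig(env) {
  const port = Number(env.PORT);
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error('PORT is missing or not a valid TCP port');
  }
  return Object.freeze({
    port,
    production: env.NODE_ENV === 'production',
    appName: env.HATCH_APP_NAME || 'unknown',
    // Only present when a database is provisioned.
    databaseUrl: env.DATABASE_URL || null,
  });
}

// Copy of the config that is safe to write to logs.
function loggableConfig(cfg) {
  return {
    ...cfg,
    databaseUrl: cfg.databaseUrl ? redactUrl(cfg.databaseUrl) : null,
  };
}

// Constructed sample environment (not real credentials).
// In a deployment, pass process.env instead.
const sampleEnv = {
  PORT: '8080',
  NODE_ENV: 'production',
  HATCH_APP_NAME: 'demo-app',
  DATABASE_URL: 'postgres://app:s3cr3t@db.example.com:5432/main',
};

const cfg = loadConfig(sampleEnv);
console.log(JSON.stringify(loggableConfig(cfg)));
```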
