
Environment Variables

All environment variables are encrypted at rest using AES-256-GCM. They are never shown in build logs or API responses — only decrypted at build time inside the container.

Setting variables

Dashboard

Open any project → Environment tab. Add key-value pairs, choose the scope, and save. Changes take effect on the next deploy.

CLI — single variable

pulsar env set DATABASE_URL "postgresql://..."
pulsar env set STRIPE_KEY "sk_live_..." --env production
pulsar env set DEBUG "true" --env preview

CLI — bulk from .env file

# Push your entire local .env to Pulsar
pulsar env push

# Push to a specific environment
pulsar env push --input .env.production --env production

Pulling variables locally

Download env vars from Pulsar to a local .env file for local development. Existing keys are skipped by default.

pulsar env pull                   # writes to .env
pulsar env pull --env preview     # pull preview vars
pulsar env pull --overwrite       # replace existing local values
pulsar env pull --output .env.local

Always add .env and .env.local to your .gitignore. pulsar env pull warns you if it is missing.

Team onboarding workflow

New team members can get running in seconds:

git clone https://github.com/your-org/your-app
cd your-app
pulsar init           # link to the Pulsar project
pulsar env pull       # download env vars to .env
npm install && npm run dev

Environment scoping

Each variable is scoped to an environment so you can have different values in production vs. preview deployments:

production: Only injected into production deploys (push to main branch)
preview: Only injected into PR preview deploys
all: Injected into both production and preview

Encryption

Values are encrypted with AES-256-GCM before storage using the AES_KEY set in your server's environment. Decryption happens only inside the build worker at deploy time — variables never leave your server unencrypted.

The value field is always masked in API responses. Only key names and environment scopes are returned in list endpoints.
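
As an added illustration (not Pulsar's own code), the sketch below shows how AES-256-GCM encryption of a single value can be done in Node.js, and why a stored record fails to decrypt if it is modified or moved to another key or scope. The record layout (nonce, tag, ciphertext, base64-encoded), the 64-hex-character AES_KEY format, the use of scope and key name as associated data, and all function names are assumptions made for the example.

```javascript
// Added example: AES-256-GCM sealing of one environment variable value.
// Record layout and AAD are assumptions, not Pulsar's documented format.
const crypto = require("node:crypto");

const NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

// Hypothetical helper: AES_KEY is assumed to be 64 hex characters (32 bytes).
function loadKey(hex) {
  if (!/^[0-9a-fA-F]{64}$/.test(hex || "")) {
    throw new Error("AES_KEY must be 64 hex characters (32 bytes)");
  }
  return Buffer.from(hex, "hex");
}

// Bind the ciphertext to its variable name and scope so a stored record
// cannot be moved to another key or environment without failing the tag check.
function aad(name, scope) {
  return Buffer.from(`${scope}\0${name}`, "utf8");
}

function sealValue(key, name, scope, value) {
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv("aes-256-gcm", key, nonce, { authTagLength: TAG_LEN });
  cipher.setAAD(aad(name, scope));
  const ct = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), ct]).toString("base64");
}

function openValue(key, name, scope, record) {
  const raw = Buffer.from(record, "base64");
  if (raw.length < NONCE_LEN + TAG_LEN) throw new Error("record too short");
  const nonce = raw.subarray(0, NONCE_LEN);
  const tag = raw.subarray(NONCE_LEN, NONCE_LEN + TAG_LEN);
  const ct = raw.subarray(NONCE_LEN + TAG_LEN);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, nonce, { authTagLength: TAG_LEN });
  decipher.setAAD(aad(name, scope));
  decipher.setAuthTag(tag);
  // final() throws if the key, AAD, nonce, tag or ciphertext does not match
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Returns true when decryption succeeds; used to show tamper detection.
function opens(key, name, scope, record) {
  try { openValue(key, name, scope, record); return true; } catch { return false; }
}
```
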

Accessing in your app

// Node.js / Next.js
const url = process.env.DATABASE_URL;
const key = process.env.STRIPE_KEY;

# Python / Django / FastAPI
import os
url = os.environ.get("DATABASE_URL")
key = os.environ.get("STRIPE_KEY")

// Using dotenv for local dev (npm install dotenv)
import 'dotenv/config';
const url = process.env.DATABASE_URL;

Full CLI reference

pulsar env list [project]          # list all keys by scope
pulsar env set KEY VALUE           # set (default: all)
pulsar env set KEY VAL --env prod  # production only
pulsar env remove KEY              # delete a variable
pulsar env pull                    # download to .env
pulsar env pull --overwrite        # replace existing keys
pulsar env push                    # upload .env to Pulsar
pulsar env push --input .env.prod  # upload specific file