Skip to main content
Environment variables are stored encrypted (AES-256-GCM) and injected into your server’s microVM at runtime. They are never logged or exposed.

ezforge env set

Set one or more environment variables. 
ezforge env set <server-name> KEY=value [KEY2=value2 ...]
Examples: 
ezforge env set my-server OPENAI_API_KEY=sk-...
ezforge env set my-server DATABASE_URL=postgres://... LOG_LEVEL=info
Changes take effect on the next deployment.

ezforge env list

List environment variable names (values are never shown). 
ezforge env list <server-name>
Output: 
KEY              SET AT
OPENAI_API_KEY   2026-01-15 10:00 UTC
DATABASE_URL     2026-01-15 10:01 UTC
LOG_LEVEL        2026-01-15 10:01 UTC

ezforge env unset

Remove an environment variable. 
ezforge env unset <server-name> KEY [KEY2 ...]
Example: 
ezforge env unset my-server LOG_LEVEL
Changes take effect on the next deployment.

Security notes

  • Values are write-only via the API — once set, a value can never be read back, only overwritten or deleted
  • Variables are encrypted at rest using AES-256-GCM; the encryption key is unique per server
  • Decryption happens only inside the server’s Firecracker microVM, just before process startup
  • Variables are isolated per server — one server cannot read another’s variables