Hyphen Deploy provides your application with environment variables at runtime. These include system-injected variables that provide deployment context and metadata, as well as user-defined secrets that you manage through Hyphen's ENV service.
Table of Contents
- HYPHEN_ System Variables
- ENV Secrets
- Accessing Variables in Your Application
- Variable Precedence
- Best Practices
- Next Steps
HYPHEN_ System Variables
Hyphen automatically injects environment variables prefixed with HYPHEN_ into your application at runtime. These variables provide deployment metadata and context that your application can use for logging, monitoring, feature flagging, or environment-specific behavior.
The following variables are automatically available to your application:
| Variable | Description | Example Value |
|---|---|---|
HYPHEN_API_KEY |
Hyphen API key for the deployment | a2i...Q== |
HYPHEN_APP_CLOUD |
The cloud provider where your app is deployed | googleCloud, aws, azure |
HYPHEN_APP_ENVIRONMENT |
The deployment environment name | development, production |
HYPHEN_APP_ID |
Unique identifier for your application | app_1a2b3c4d5e6f7g8h9i0j1k2l |
HYPHEN_APP_IMAGE |
Full container image reference used for this deployment | us-docker.pkg.dev/my-project/my-repo/my-app:a1b2c3d |
HYPHEN_APP_IMAGE_LOCATION |
Cloud provider hosting the container registry | googleCloud, aws, azure |
HYPHEN_APP_NAME |
Human-readable name of your application | my-app |
HYPHEN_APP_REGION |
Geographic region where your app is deployed | NorthAmerica-1, Europe-1 |
HYPHEN_DEPLOYMENT_ID |
Unique identifier for the deployment policy | dply_2b3c4d5e6f7g8h9i0j1k2l3m |
HYPHEN_DEV |
Flag indicating if running in development mode (only set when true) | true |
HYPHEN_ORGANIZATION_ID |
Unique identifier for your organization | org_3c4d5e6f7g8h9i0j1k2l3m4n |
HYPHEN_ORGANIZATION_NAME |
Name of your organization | My Organization |
HYPHEN_PROJECT_ID |
Unique identifier for your project | proj_4d5e6f7g8h9i0j1k2l3m4n5o |
HYPHEN_PROJECT_NAME |
Name of your project | my-project |
HYPHEN_REVISION_DATE |
Timestamp when this revision was deployed (ISO 8601) | 2025-01-15T14:30:00.000Z |
HYPHEN_RUN_ID |
Unique identifier for this deployment run | depr_5e6f7g8h9i0j1k2l3m4n5o6p |
These variables are managed by Hyphen. You cannot modify or override them.
ENV Secrets
In addition to the system-injected HYPHEN_ variables, you can define your own environment variables and secrets using Hyphen's ENV service. These are the variables you manage with the hx push and hx pull commands.
ENV Secrets are:
- User-defined: You control which variables exist and their values
- Encrypted: Stored securely with end-to-end encryption
- Environment-specific: Different values for development, production, etc.
- Version-controlled: Track changes and roll back if needed
- Automatically loaded: Injected into your application at runtime alongside HYPHEN_ variables
Common use cases for ENV Secrets include:
- API keys and tokens
- Database connection strings
- Third-party service credentials
- Feature flags
- Application configuration
Managing ENV Secrets
To work with ENV Secrets, use the Hyphen CLI:
# Push local .env files to Hyphen
hx push
# Pull encrypted variables from Hyphen
hx pull
# Push a specific environment
hx push --environment production
ENV Secrets are stored in .env.[environment_name] files locally (e.g., .env.development, .env.production) and synchronized with Hyphen's secure storage.
For detailed information about managing ENV Secrets, see:
Accessing Variables in Your Application
All environment variables (both HYPHEN_ system variables and your ENV Secrets) are available through your programming language's standard environment variable access mechanisms:
Node.js:
const appId = process.env.HYPHEN_APP_ID;
const apiKey = process.env.MY_API_KEY;
Python:
import os
app_id = os.environ.get('HYPHEN_APP_ID')
api_key = os.environ.get('MY_API_KEY')
Go:
import "os"
appID := os.Getenv("HYPHEN_APP_ID")
apiKey := os.Getenv("MY_API_KEY")
Variable Precedence
Warning: If you define an ENV Secret with the same name as a HYPHEN_ system variable, your ENV Secret will override the system variable. This may cause unexpected issues with deployment metadata and application behavior. We recommend not creating ENV Secrets that start with
HYPHEN_.
Best Practices
- Use HYPHEN_ system variables for deployment context, logging, and monitoring
- Use ENV Secrets for sensitive data like credentials and API keys
- Never commit secrets to version control (add
.env.*files to.gitignore) - Use different values for different environments (development, staging, production)
- Rotate credentials regularly using Hyphen's key rotation features