🔑

Environment Variables

Configuration values that connect Claude Code to external services. API keys, database URLs, and service credentials that enable MCP servers and API integrations.

Data Source·2 sections·1 min read

codingdevops

Install Prompt

Paste this into Claude Code to set it up:

Environment variables are typically set in your shell profile (~/.zshrc or ~/.bashrc) or in project .env files. For MCP servers, API keys go in the 'env' field of the server configuration in ~/.claude.json or ~/.claude/settings.json. Never commit API keys to git. Use .gitignore to exclude .env files.

01What It Does

The keys to your connected ecosystem

Environment variables are how Claude Code authenticates with external services. When you connect an MCP server to GitHub, Notion, Stripe, or any other service, the API key or token lives in an environment variable. These values get passed to MCP server processes at startup, enabling Claude to read your repositories, query your databases, manage your tasks, and interact with every connected service in your ecosystem.

There are three common places to set environment variables for Claude Code. Shell profiles (~/.zshrc or ~/.bashrc) make variables available globally. Project .env files scope variables to a specific project. MCP server configurations in ~/.claude.json or ~/.claude/settings.json pass variables directly to specific server processes through the env field.

02Security

Never commit secrets to git

API keys, tokens, database passwords, and service credentials must never appear in your git history. Once a secret is committed, it lives in the repository forever (even after deletion) and can be extracted by anyone with access. Add .env to your .gitignore file. Use .env.example with placeholder values to document which variables are needed without exposing actual values. Claude Code's commit skill is configured to flag sensitive files automatically, but the safest approach is to prevent them from being trackable in the first place.

Use .gitignore. Always exclude .env, .env.local, and any file containing credentials from version control.

Document with .env.example. Create a template file with empty values so collaborators know which variables to set without seeing your actual keys.

Rotate compromised keys immediately. If a key is accidentally committed, treat it as compromised. Revoke it and generate a new one, even if you removed the commit.