Skip to main content
This tutorial demonstrates how to bulk import environment variables and secrets from a .env file using the Qovery CLI, rather than adding them individually through the web interface.

Prerequisites

Step 1: Install Qovery CLI

The installation command varies by platform:
  • Linux/Unix
  • macOS
  • Windows
curl -s https://get.qovery.com | bash
For additional installation methods, see the CLI documentation.

Step 2: Authenticate and Set Context

Authenticate

qovery auth
This opens your browser for authentication.

Set Context

After authenticating, specify the target application: 
qovery context set
Follow the prompts to select:
  1. Your organization
  2. Your project
  3. Your environment
  4. Your application

Step 3: Prepare Your .env File

Create a .env file with your variables. For example, .env.development: 
# Public variables
COLOR_BACKGROUND=#F0F0F0
API_URL=https://api.example.com

# Secret variables
STRAPI_API_KEY=sk_test_1234567890abcdef
AUTH0_API_KEY_SECRET=my_super_secret_key_123

Step 4: Import Environment Variables

Import Public Variables

qovery env import .env.development
You’ll see an interactive prompt to select which variables to import: 
? Select environment variables to import:
  ◯ COLOR_BACKGROUND
  ◯ API_URL
  ◯ STRAPI_API_KEY
  ◯ AUTH0_API_KEY_SECRET
Use:
  • Arrow keys to navigate
  • Space bar to select/deselect
  • Enter to confirm
Select the public variables (COLOR_BACKGROUND and API_URL) and press Enter.
Public environment variables are visible in the Qovery Console and can be viewed by team members.

Step 5: Import Secrets

For sensitive data, import as secrets: 
qovery env import .env.development
When prompted, select “Secrets” instead of “Environment Variables”, then choose the secret variables: 
? Select type:
  ◯ Environment Variables
  ◉ Secrets
Select the sensitive variables (STRAPI_API_KEY and AUTH0_API_KEY_SECRET) and press Enter.
Secrets are encrypted and cannot be viewed in plain text after import. They can only be updated or deleted.

Step 6: Verify Import

Via Qovery Console

  1. Navigate to your application in Qovery Console
  2. Go to Variables tab
  3. Verify both environment variables and secrets are present

Via CLI

# List environment variables
qovery env list

# List secrets (values will be hidden)
qovery secret list

Advanced Usage

Import from Different Files

# Development environment
qovery env import .env.development

# Production environment
qovery env import .env.production

Override Existing Variables

Use the --force flag to override existing variables: 
qovery env import .env.development --force

Import Specific Variables

You can also manually specify which variables to import by editing your .env file before importing.

Best Practices

Add .env* to your .gitignore file to prevent accidentally committing secrets:
# .gitignore
.env
.env.*
Maintain separate .env files for each environment:
  • .env.development
  • .env.staging
  • .env.production
Mark these as secrets:
  • API keys
  • Database passwords
  • OAuth client secrets
  • Encryption keys
  • Third-party service tokens
Create a .env.example file with placeholder values:
# .env.example
COLOR_BACKGROUND=<hex_color>
API_URL=<your_api_url>
STRAPI_API_KEY=<your_strapi_key>
AUTH0_API_KEY_SECRET=<your_auth0_secret>

Troubleshooting

Ensure your .env file follows the RFC 2-dotenv specifications:
  • One variable per line
  • Format: KEY=value
  • No spaces around the = sign
  • Comments start with #
  • Verify you imported to the correct application
  • Check you ran qovery context set before importing
  • Refresh the Qovery Console page
This is expected behavior. Secrets are encrypted and cannot be viewed in plain text for security reasons.

Environment Variables

Learn about environment variables in Qovery

Qovery CLI

Complete CLI documentation

Secrets Management

Understanding secrets and encryption

Application Configuration

Configure your applications