Skip to main content
Environments represent deployment contexts within a project, typically development, staging and production.

Encryption isolation

Each environment has its own data encryption key (DEK). This means secrets in one environment are cryptographically isolated from secrets in another, even within the same project. Compromising one environment’s key does not expose secrets in any other environment. See the Security model for details on how encryption works.

Default environments

When you create a new project, it comes with default environments. You can add, rename or remove environments in project settings.

Creating environments

Admins can create additional environments from project settings. Common examples include:
  • development — local development
  • staging — pre-production testing
  • production — live deployment
  • preview — for preview/branch deployments

Personal overrides

Environments can have personal overrides enabled, allowing individual team members to set their own secret values for local development without affecting the shared values.

Renaming and deleting

Renaming an environment may break existing syncs and CLI configurations that reference the old name. Update those configurations after renaming.
Deleting an environment permanently removes all its secret values and sync configurations. This cannot be undone.