Environment Variables

Environment variables let you store secrets and configuration values (API keys, database URLs, feature flags) that your workflows can access at runtime — without hardcoding them in node settings.

The Env Vars Page

Go to app.tensorify.io/env-vars to manage your workspace's environment variables.

Variables set here are team-scoped: every workflow in your workspace can access them.

Adding a Variable

Go to Env Vars in the sidebar
Click Add Variable
Enter the variable name (e.g., DATABASE_URL) and its value
Click Save

Variable names follow standard convention: uppercase with underscores, no spaces (e.g., STRIPE_SECRET_KEY, SLACK_BOT_TOKEN).

Editing and Deleting

Click a variable row to edit its value. Click the trash icon to delete it. Changes take effect on the next workflow execution — currently running executions are not affected.

Variable values are stored encrypted. Once saved, the value is masked in the UI. Make sure to save a copy of any newly created secrets before leaving the page.

Using Variables in Workflows

In Code Nodes

Environment variables are available as standard Python environment variables inside Code nodes:

import os

stripe_key = os.environ["STRIPE_SECRET_KEY"]
db_url = os.environ.get("DATABASE_URL", "")
slack_token = os.environ.get("SLACK_BOT_TOKEN")

In Node Settings (Bindings)

Reference environment variables in node settings fields using {{ env.VARIABLE_NAME }}:

Authorization: Bearer {{ env.GITHUB_TOKEN }}

Use this in HTTP Request headers, Transform templates, or any settings field that supports {{ }} bindings.

Plugin-Required Variables

Some plugins require specific environment variables to function. These are listed in each plugin's documentation:

Plugin	Required Variable
Send Email (Resend)	`RESEND_API_KEY`

When a required variable is missing, the node will fail at runtime with an authentication or configuration error.

Variables and the CLI

When running workflows locally with tensorify watch or tensorify run, environment variables from the Env Vars page are not automatically injected into your local process. Your local environment's own variables are used instead.

To match your production environment locally, export the same variables in your shell:

export STRIPE_SECRET_KEY="sk_test_..."
export DATABASE_URL="postgresql://localhost/mydb"
tensorify watch <workflowId>

Or use a .env file with a tool like direnv or dotenv:

# .env (do not commit to git)
STRIPE_SECRET_KEY=sk_test_...
DATABASE_URL=postgresql://localhost/mydb

The TENSORIFY_API_KEY variable is special — it authenticates the CLI itself, not your workflow logic. It is separate from the Env Vars page and should be set directly in your shell.

Best Practices

Never hardcode secrets in node settings. Use env vars and {{ env.* }} bindings instead.
Use distinct values per environment: separate Stripe keys for test vs live, separate database URLs for staging vs production.
Rotate compromised keys immediately: delete the old variable, add the new value, and update any external services.
Name variables clearly: STRIPE_SECRET_KEY is better than KEY or SECRET.

Next Steps

Settings & API Keys — manage CLI authentication
Code plugin — use env vars in Python
HTTP Request plugin — use env vars in headers and URLs