Variables
Store sensitive configuration and secrets securely in Galaxy without committing them to Git.
Ever commit an API key to Git by accident? Yeah, environment variables exist to prevent exactly that.
Galaxy keeps variables encrypted and secure. They're never exposed in logs or error messages. They're the right way to handle secrets.
Your Secrets Are Safe Here
Everything you store in Galaxy is encrypted at rest and in transit. No exposure in logs, no visibility to other team members unless you give access.
Why Environment Variables?
Never hardcode secrets in your code.
Never commit API keys to Git.
Never store passwords in your repository.
Environment variables exist specifically to solve this problem. Set them in Galaxy, and your app reads them at runtime. Your code stays clean, your secrets stay safe, and you can change configuration without touching code.
Think of environment variables as configuration that changes between environments. What you need in production is different from what you need in staging. Variables let you manage both without changing code.
Meteor Apps: Galaxy Mode
Meteor apps get a specialized editing experience in the Variables tab. Look for the GALAXY MODE badge at the top of the page.
Instead of managing individual key-value pairs, you edit your complete settings.json in a dedicated JSON editor. This matches the Meteor workflow you're already used to.
The Meteor Settings Editor
The editor shows your entire settings structure:
{
"galaxy.meteor.com": {
"env": {
"MONGO_URL": "mongodb://user:password@host/db",
"MAIL_URL": "smtp://user:password@smtp.example.com:587"
}
},
"packages": {
"mongo": {
"options": {
"tlsAllowInvalidCertificates": true
}
}
},
"private": {
"stripeKey": "sk_live_xxx",
"apiSecret": "your-secret-here"
},
"public": {
"appName": "My App",
"apiUrl": "https://api.example.com"
}
}Edit directly in the browser. Galaxy validates your JSON as you type, catching syntax errors before you save.
Settings Size Limit
The Meteor Settings editor has a maximum size limit of 1 MB (1024 KB). If your settings approach this limit, you'll see a warning. Settings that exceed 1 MB cannot be saved. Consider moving large configuration data to external services or databases if you're hitting this limit.
Understanding Meteor Settings Structure
Your settings break down into distinct sections.
galaxy.meteor.com.env: Environment variables that Galaxy injects into your container. These become available via process.env in your server code. Common uses include MONGO_URL, MAIL_URL, ROOT_URL, and other service connection strings.
packages: Configuration for specific Meteor packages. The most common use is the MongoDB TLS setting for Galaxy's free shared cluster.
private: Server-only settings accessible via Meteor.settings in your server code. API keys, service credentials, and other secrets belong here. These never reach the client.
public: Client-accessible settings available via Meteor.settings.public in both server and client code. App names, feature flags, and public API endpoints go here.
Never Put Secrets in Public
Everything in the public section is sent to browsers and visible to anyone using your app. Keep secrets in private or galaxy.meteor.com.env only.
Editing Meteor Settings
- Navigate to your app's Variables tab
- Edit the value directly in the JSON editor
- Click Save to store your changes
- Click Deploy to apply them to your running app
- Navigate to your app's Variables tab
- Add new keys to the appropriate section (
env,private, orpublic) - Make sure your JSON syntax is valid (Galaxy validates as you type)
- Click Save then Deploy
- Navigate to your app's Variables tab
- Delete the key-value pair from the JSON
- Verify the remaining JSON is valid
- Click Save then Deploy
Accessing Settings in Your Code
On the server, access all settings via Meteor.settings:
// Server-side code
const stripeKey = Meteor.settings.private.stripeKey;
const mongoUrl = process.env.MONGO_URL;On the client, only public values are available:
// Client-side code
const appName = Meteor.settings.public.appName;Web Apps: Standard Variables
For Node.js, Python, and AdonisJS apps, the Variables tab shows a standard key-value interface. Each variable appears as a row you can edit individually.
Adding Variables
Add variables one at a time by clicking Add Variable. Type the key (the variable name) and value (what your app reads).
Key: The variable name your code looks for. Usually all uppercase with underscores, like DATABASE_URL, STRIPE_SECRET_KEY, or API_TOKEN.
Value: What your app gets when it reads this variable. The actual secret, URL, or configuration value.
Click Save to store the variable.
Editing Variables
Find the variable you want to change. Click it to edit. Update the value, click Save.
Done. Your change is saved but not yet applied.
Deleting Variables
Find the variable and click the delete icon (trash can). Confirm the deletion. The variable is removed.
Deleting a variable doesn't restart your app. The old value stays in memory until you deploy or restart.
Save vs Deploy
This is important. Saving and deploying are separate actions.
Save: Click Save to store your variable changes. Your running app isn't affected.
Multiple edits: Make as many variable changes as you need, saving each one. Your live app keeps running.
Deploy: When ready, click Deploy to apply all saved changes. Galaxy performs a zero-downtime rolling restart, updating your app with new variables.
This separation prevents accidents. Prepare configuration changes carefully. Only when you click Deploy does anything change.
One Deployment is More Efficient
Changes only take effect after you deploy. Make all variable changes you need, then deploy once. This is more efficient than deploying after each variable change.
Common Variables by Platform
Meteor Apps
{
"galaxy.meteor.com": {
"env": {
"MONGO_URL": "mongodb://...",
"MAIL_URL": "smtp://...",
"ROOT_URL": "https://myapp.meteorapp.com"
}
}
}Node.js / AdonisJS
DATABASE_URL=postgresql://user:pass@host:5432/db
REDIS_URL=redis://user:pass@host:6379
NODE_ENV=production
LOG_LEVEL=infoPython
DATABASE_URL=postgresql://user:pass@host:5432/db
SECRET_KEY=your-django-secret-key
DEBUG=FalseBest Practices
Keep them secure: Never share variable values with anyone who doesn't absolutely need them. Don't paste them in chat or email.
Use strong values: For API keys and tokens, use the strongest credentials your provider offers. For passwords, use long, random strings.
Rotate sensitive values: Periodically regenerate API keys, auth tokens, and passwords. Update Galaxy with new values and redeploy.
Don't duplicate: Don't create multiple variables with similar purposes. It's confusing and error-prone. One DATABASE_URL per environment, not five variants.
Document them: Keep notes somewhere (not in code!) about what each variable is for. Future you will thank current you.
Use staging for testing: Have separate variables for staging and production. Test configuration changes in staging before applying to production.
Never Commit .env Files
Add .env to your .gitignore to prevent accidental commits of local environment files.
Troubleshooting
What's Next?
Deployments
The Deployments section shows every time your app has been deployed. Each deployment is a complete cycle: Galaxy takes your code, builds it, and gets it running on containers.
Versions
Every time you push code to your deploy branch, Galaxy creates a new version. This section shows all your code snapshots so you can see your deployment history and rollback to any past version if needed.