Where to configure server-side environment variables/secrets?

Teable Discussions
1

Hi team,

I’m building an application (Next.js-based) that uses server-side integrations with OpenAI and the Teable API.

The app needs these variables available through process.env on the server runtime:

  • TEABLE_API_URL

  • TEABLE_APP_TOKEN

  • TEABLE_BASE_ID

  • OPENAI_API_KEY

Normally the chatbot can generate the code correctly, but in this session it says it does not have access to:

  • custom environment variables / secrets management

  • runtime redeploy/restart tools

I do not use Vercel or Render directly — the app is hosted entirely inside Teable.ai.

Questions:

  1. Where do I configure server-side environment variables/secrets?

  2. Is there a built-in “custom environment variables” or “secret manager” UI?

  3. Can the App Builder chatbot normally configure them automatically?

  4. How do I restart/redeploy the hosted runtime after adding secrets?

  5. Are these variables exposed securely only to server-side routes (not browser/client)?

Important:
I do NOT want to:

  • hardcode secrets

  • store them in Teable tables

  • expose them with NEXT_PUBLIC_*

  • commit them into source code

The app currently needs:

  • OpenAI API access

  • server-side Teable API access

  • runtime process.env support for Next.js API routes

Any guidance/screenshots would be greatly appreciated. :blush:

2

Hi @Alex,

Thanks for the detailed explanation.

At the moment, App Builder does not have a separate Environment Variables panel for Teable-hosted apps. We are already discussing how to support server-side environment variable management more properly.

We also noticed that Cuppy is currently a bit conservative when handling requests related to environment variables or sensitive values, and we are working on improving this behavior.

As a current workaround, App Builder supports importing code via ZIP, and a root .env file in the ZIP can be read into the app’s custom environment variables.

Please refer to our documentation here for the detailed requirements and steps:

Since code import merges into the existing project and may overwrite files with the same path, we recommend testing this first in a new simple app before applying it to your production app.