Skip to main content
Environment variables let your Woz app securely connect to external services like AI providers, payment tools, and data platforms. They store things like API keys and configuration values that your app needs to run correctly in production. This guide explains what environment variables are, when you need them, and how to use them safely in Woz.

What are environment variables?

Environment variables are secure values your app uses behind the scenes to:
  • Authenticate with third-party services
  • Access APIs and integrations
  • Enable billing or usage tracking
  • Control app behavior across environments
Instead of hard-coding sensitive values into your app, you store them as environment variables so they can be managed securely.

When you’ll need environment variables

You’ll usually add environment variables when you connect your app to another service, such as:
  • AI tools (OpenAI, Anthropic, ElevenLabs, etc.)
  • Voice or speech services
  • Image generation tools
  • Payment providers
  • Analytics or data platforms
For example, if you want to add AI voice dictation using ElevenLabs, you would:
  1. Create an account with ElevenLabs
  2. Generate an API key
  3. Add that key to your app’s environment variables in Woz
  4. Your app can now securely access the service in production

Where to find environment variables in Woz

In Woz, environment variables live in the: Admin Area → Environment Variables tab This is where you can:
  • Add new variables
  • Edit existing ones
  • Manage which values are used in production

Frontend vs backend environment variables

Woz separates environment variables into two types based on security and access level.

Frontend environment variables

Used by the app in the client
  • Less secure by nature
  • Should only contain values that are safe to expose
  • Best for:
    • Public configuration
    • Non-sensitive IDs
    • Feature flags
If someone were to inspect your app’s code, they could potentially see these values.

Backend environment variables

Used by the API and server logic
  • Treated as secrets
  • Never exposed to end users
  • Best for:
    • API keys
    • Tokens
    • Credentials
    • Anything security-critical
If a value must remain private, it should always be stored as a backend environment variable.

Adding an environment variable

  1. Go to the Admin Area
  2. Open the Environment Variables tab
  3. Click Add variable
  4. Enter:
    • The variable name
    • The value
    • Whether it should be frontend or backend
  5. Save your changes
Your app will now have access to this variable when it runs.

Woz-managed environment variables

Woz apps come with many environment variables pre-configured to work out of the box. These include values that Woz:
  • Provides
  • Manages
  • Secures behind the scenes
In most cases, you will not need to change these. They are designed to support core functionality automatically. Advanced users can override them if needed, but this should be done carefully and only when you fully understand the impact.

Best practices

  • Store secrets only in backend environment variables
  • Never place API keys in frontend variables
  • Use clear, descriptive variable names
  • Avoid hard-coding credentials into your app
  • Only override Woz-managed variables if absolutely necessary
  • Rotate keys if you believe one has been exposed