Skip to content

Environment variables

The proper place to store secrets, keys, and API tokens is in Environment Variables.

Environment variables can be accessed via Deno.env or process.env.

  • The “key” and “value” of each environment variable can be any string
  • Vals can’t set environment variables: Environment variables are set via the settings page. Trying to update an environment variable, for example by using Deno.env.set, is a no-op.


This uses the Deno-default Deno.env variable, which is available globally.

const secret = Deno.env.get("someSdkSecret");
export let sdk = new SomeSDK(secret);


This is the conventional way to access environment variables when you’re in a Node.js environment. In Node.js, process is an always-available global variable, but since Val Town targets Deno, you’ll need to import process from node:process:

import process from "node:process";
const secret = process.env.someSdkSecret;
export let sdk = new SomeSDK(secret);

Environment variables are private in public vals

It is safe for a a public val to reference your environment variables. Others can see that they’re being used, but not their values.

For example, in this public script val, you can see that I’m using a discord bot’s environment variable, but you cannot run this code or get the value of the environment variable.

If you expose an HTTP API or email handler val, those vals can be triggered by anyone who knows their URL or email address, but they still can’t access your environment variables. This is how server-side code normally works. If someone wants to run your code with their environment variables, they need to import your code and run it in their own vals.