Environment Variables

Environment variables let you inject secrets and configuration into your sandbox without committing them to your repository. Variables are encrypted at rest, scoped to the project, and shared across all sessions.

Adding env vars during project creation

When creating a project, there's a textarea where you can paste your entire .env file. Lot auto-parses the content into individual variables — no need to add them one by one.

DATABASE_URL=postgres://user:pass@host:5432/mydb
STRIPE_SECRET_KEY=sk_test_...
NEXT_PUBLIC_APP_URL=http://localhost:3000

Just copy and paste, and everything is picked up automatically. This is the recommended approach since the setup agent needs these variables to run migrations, install dependencies that require API keys, and configure your dev environment correctly.

If your setup fails because of a missing env var, add it and click Retry Setup on the project.
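A pre-paste check for the .env content described above, as an added example that is not part of Lot. It assumes common dotenv conventions because Lot's own parsing rules are not documented on this page; `lint_env`, the finding names and the sample input are hypothetical. It reports malformed lines, duplicate keys, empty values, and secret-looking names carrying the `NEXT_PUBLIC_` prefix, which Next.js inlines into the browser bundle.

```python
import re

# Assumption: common dotenv conventions (KEY=VALUE, '#' comments, optional
# "export " prefix, matching quotes). Lot's own parsing rules may differ.
LINE_RE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$")
# Name fragments that usually mark a credential (heuristic, not exhaustive).
SECRET_HINT = re.compile(r"SECRET|PASSWORD|PASSWD|TOKEN|PRIVATE|API_?KEY|DATABASE_URL")


def lint_env(text):
    """Return (variables, findings) for the contents of a .env file."""
    variables, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = LINE_RE.match(line)
        if match is None:
            findings.append((lineno, "malformed", "<unparsed>"))  # never echo the line
            continue
        key, value = match.group(1), match.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        if key in variables:  # assumed: the last assignment wins
            findings.append((lineno, "duplicate", key))
        if value == "":
            findings.append((lineno, "empty", key))
        # Next.js inlines NEXT_PUBLIC_* values into client-side JavaScript.
        if key.startswith("NEXT_PUBLIC_") and SECRET_HINT.search(key):
            findings.append((lineno, "client-exposed-secret", key))
        variables[key] = value
    return variables, findings


# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
# local development
DATABASE_URL=postgres://user:pass@host:5432/mydb
export STRIPE_SECRET_KEY="sk_test_placeholder"
NEXT_PUBLIC_APP_URL=http://localhost:3000
NEXT_PUBLIC_STRIPE_SECRET_KEY=sk_test_placeholder
STRIPE_SECRET_KEY=sk_test_other
RESEND_API_KEY=
this line has no assignment
"""

if __name__ == "__main__":
    for lineno, kind, name in lint_env(SAMPLE)[1]:
        print(f"line {lineno}: {kind}: {name}")  # names only, never values
```

The findings carry variable names and line numbers only, so the output can be shared without exposing values.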

Editing env vars during sessions

After the project is set up, you can add or edit environment variables from the Env tab in the right-side panel of any session.

  1. Open the Env tab
  2. Add, edit, or remove variables
  3. Click Save

Changes are project-level

Environment variable changes apply to the project, not a single session. All sessions share the same set of variables. If you add a new API key in one session, it's available to all other sessions on the same project.

Dev server restart required

After saving, a restart confirmation popup will appear. The dev server is not auto-restarted — you need to confirm the restart for the new values to take effect. This is because a restart interrupts the running app, and you may want to time it yourself.

Existing sessions that are already running won't pick up the new values until their dev server is restarted. If you have multiple sessions open, you'll need to restart each one individually.

How they're injected

When a session starts, Lot writes your environment variables to a .env file in the repository root (/workspace/repo/.env). The dev server and any commands run in the sandbox read from this file.

Common use cases

  • Database URLs — connection strings for Neon, Supabase, PlanetScale, etc.
  • API keys — third-party service keys (Stripe, Resend, etc.)
  • Feature flags — toggle features during development
  • App configuration — ports, hostnames, debug flags

Sensitive variables

Marking a variable as sensitive masks its value in the Lot UI. The actual value is still written to the sandbox's .env file, so the dev server and any command run in the sandbox can read it. Masking only hides the value in the dashboard, which helps when you are screen-sharing or working in public.