Environment Variables and Keeping Secrets Out of Code
Every application needs secrets: database passwords, payment keys, email credentials. The golden rule is that these must never be written directly into the code itself.
Instead we use environment variables — settings supplied to the application by the server it runs on. This keeps secrets out of your code repository and lets the same code run safely anywhere.
Why This Protects You
If a password is baked into code, anyone who ever sees that code — a contractor, a leaked backup, a public repository — sees the password too. Environment variables keep the two firmly apart.
- Secrets never appear in version history.
- Each environment uses its own keys, so a leak is contained.
- Rotating a key is a config change, not a code release.
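The approach described above, as an added example that is not part of the original article or Progressive Robot's own code: the application reads its secrets from the environment at startup, refuses to start if one is missing, and keeps the values out of log output. The variable names, the Secrets class and load_secrets are hypothetical, and all sample values are constructed.

```python
import os
from dataclasses import dataclass, field

# Hypothetical variable names chosen for this example.
REQUIRED = ("DATABASE_PASSWORD", "PAYMENT_API_KEY", "SMTP_PASSWORD")


class MissingSecretError(RuntimeError):
    """Raised at startup when a required secret was not supplied."""


@dataclass(frozen=True)
class Secrets:
    # repr=False keeps the values out of logs, tracebacks and debug prints.
    database_password: str = field(repr=False)
    payment_api_key: str = field(repr=False)
    smtp_password: str = field(repr=False)


def load_secrets(environ=None):
    """Read every required secret from the environment, failing closed."""
    env = os.environ if environ is None else environ
    missing = [name for name in REQUIRED if not env.get(name, "").strip()]
    if missing:
        # Name the missing variables only; never echo any value.
        raise MissingSecretError("missing required secrets: " + ", ".join(missing))
    return Secrets(**{name.lower(): env[name] for name in REQUIRED})


if __name__ == "__main__":
    # Constructed sample values standing in for two separate environments.
    staging = {name: "constructed-staging-" + name.lower() for name in REQUIRED}
    production = {name: "constructed-production-" + name.lower() for name in REQUIRED}
    for label, environ in (("staging", staging), ("production", production)):
        # The same code serves both; the repr is "Secrets()" with values hidden.
        print(label, load_secrets(environ))
    try:
        load_secrets({"DATABASE_PASSWORD": "constructed-only-one"})
    except MissingSecretError as exc:
        print("startup refused:", exc)
```

Called with no argument, load_secrets reads the real process environment, so rotating a key means changing the value the server supplies and restarting, with no change to the code.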
How We Manage Them
We store production secrets in a secure vault with access limited to the people who genuinely need it, and we keep a clear record of which key does what.
Frequently Asked Questions
What happens if a secret is exposed?
We rotate it immediately — issue a new key and retire the old one — which is quick precisely because secrets live outside the code.
Do you ever email us passwords?
No. Credentials are shared through secure channels, never plain email.
If you need a hand with any of this, your Progressive Robot delivery team is ready to help. Raise a ticket from the Support area of your client portal or speak to your account manager and we will guide you through the next steps.