On this page

A Deployment Environment is the scope at which env vars, secrets, and data service bindings apply. Most projects have at least two: production and staging. Custom environments like preview/feature-abc are common for review-app workflows.

Defaults

Every project gets two environments at creation:

  • production — what real users see
  • staging — internal testing target before promoting to production

You can create additional environments (preview/<source>, qa, canary, etc.) as needed.

What environments scope

ItemScope
Env varsper environment
Secretsper environment
Data service bindings (DATABASE_URL, REDIS_URL, etc.)per environment
Domainsper environment (production gets the apex; staging gets a staging.* subdomain by convention)
Version promotionper environment — promote a version to staging first, then to production

The same deployment can run different versions in different environments. Common pattern:


production:   version 17 active
staging:      version 18 active   ← being tested
preview/pr-42: version 19 active  ← single-feature preview

Env vars

POST /api/v1/deployments/:id/env
GET  /api/v1/deployments/:id/env

Env vars are stored encrypted at rest (ChaCha20-Poly1305) and injected into the sandbox during development and into runtime instances at boot. The list endpoint returns previews of values, not the raw values, by default.

Secrets vs env vars

There’s no strict UI distinction today — env vars are encrypted at rest regardless. The convention is:

  • Env vars: configuration that can be retrieved as preview (truncated value).
  • Secrets: same encryption, but marked is_secret: true so previews always show •••• even to your own admins.

Future-state, secrets will support rotation and access-event audit logging.

Data service bindings

When you create a Postgres / Redis / bucket via Data, you bind it to a specific deployment environment. MIOSA injects the credential into env at boot:


production env:    DATABASE_URL=postgres://prod...
staging env:       DATABASE_URL=postgres://staging...

You don’t ship two database URLs for one app; you ship one connection string variable, and MIOSA picks the right value based on which environment the runtime is booted in.

Where to go next

  • Publishing — environments are picked at publish time
  • Domains — attach a staging subdomain
  • Data — environment-scoped credentials

Was this helpful?