# Manage EdgeSpark variables

> Set EdgeSpark runtime vars for non-sensitive configuration, type the keys in runtime.ts, and read them safely in server code.

Use vars for plain, non-sensitive configuration such as public API base URLs, feature flags, log levels, and OAuth client IDs. Use [secrets](/guides/secrets) for credentials, tokens, and signing keys.

## Declare allowed keys

Runtime keys are typed in `server/src/defs/runtime.ts`:

```typescript server/src/defs/runtime.ts theme={null}
export type VarKey =
  | "PUBLIC_API_BASE_URL"
  | "GOOGLE_CLIENT_ID";

export type SecretKey =
  | "GOOGLE_CLIENT_SECRET";
```

This keeps the keys your code can read explicit and discoverable.

## Set vars from the CLI

```bash theme={null}
edgespark var set PUBLIC_API_BASE_URL=https://api.example.com
edgespark var set GOOGLE_CLIENT_ID=your-google-client-id LOG_LEVEL=debug
```

Inspect or delete them later:

```bash theme={null}
edgespark var list
edgespark var delete LOG_LEVEL
```

## Read vars at runtime

```typescript server/src/index.ts theme={null}
import { vars } from "edgespark";
import { Hono } from "hono";

const app = new Hono().get("/api/public/config", (c) => {
  return c.json({
    apiBaseUrl: vars.get("PUBLIC_API_BASE_URL"),
  });
});

export default app;
```

`vars.get(...)` returns `string | null`, so handle missing values where appropriate.
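
One way to handle the `string | null` return is to validate every var once and fail closed. This is an added example, not EdgeSpark's own code: `VarReader`, `PublicConfig`, `loadPublicConfig` and `readerFrom` are hypothetical names, the reader interface assumes only the `get` signature described above, and the sample values in `readerFrom` calls are constructed.

```typescript
// Added example: fail-closed loading of the vars declared on this page.
type VarKey = "PUBLIC_API_BASE_URL" | "GOOGLE_CLIENT_ID"; // mirrors runtime.ts

// Assumption: only the get() signature stated above (string | null) is relied on.
interface VarReader {
  get(key: VarKey): string | null;
}

interface PublicConfig {
  apiBaseUrl: string;
  googleClientId: string;
}

function loadPublicConfig(reader: VarReader): PublicConfig {
  const problems: string[] = [];

  // Treat null, empty and whitespace-only values as "not set".
  const required = (key: VarKey): string => {
    const raw = reader.get(key);
    const value = raw === null ? "" : raw.trim();
    if (value === "") problems.push(`${key} is not set`);
    return value;
  };

  const apiBaseUrl = required("PUBLIC_API_BASE_URL");
  const googleClientId = required("GOOGLE_CLIENT_ID");

  if (apiBaseUrl !== "") {
    try {
      const url = new URL(apiBaseUrl);
      if (url.protocol !== "https:") problems.push("PUBLIC_API_BASE_URL must use https");
      // A credential inside a var defeats the vars/secrets split.
      if (url.username !== "" || url.password !== "") {
        problems.push("PUBLIC_API_BASE_URL must not embed credentials");
      }
    } catch {
      problems.push("PUBLIC_API_BASE_URL is not a valid URL");
    }
  }

  // Report every problem at once, by key name only.
  if (problems.length > 0) throw new Error(`invalid vars: ${problems.join("; ")}`);
  return { apiBaseUrl, googleClientId };
}

// Constructed stand-in for the platform's var store, for local runs and tests.
function readerFrom(values: Partial<Record<VarKey, string>>): VarReader {
  return { get: (key) => values[key] ?? null };
}
```

Called once at module load with the imported `vars` object in place of `readerFrom(...)`, a missing or malformed value surfaces as a startup error rather than as `null` in a response.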

## Vars are environment-scoped

Vars are scoped to the current environment. For newly created projects today, that means the current default production environment.

<Note>
  Public staging support is coming soon. When it lands, staging and production will keep separate var sets under the same key names.
</Note>

<Tip>
  Vars are for plain configuration only. If a value would be harmful to expose in logs, prompts, or copy-pasted shell history, use `edgespark secret set` instead.
</Tip>

See [platform limits](/reference/limits) for current var naming and quota constraints.

## Common pattern with auth config

OAuth client IDs usually belong in vars, while OAuth client secrets belong in secrets:

```yaml configs/auth-config.yaml theme={null}
providerGoogle:
  enabled: true
  config:
    clientIdVarRef: GOOGLE_CLIENT_ID
    clientSecretRef: GOOGLE_CLIENT_SECRET
```

That keeps the non-sensitive ID easy to manage while protecting the secret.

## See also

<Columns cols={2}>
  <Card title="vars reference" icon="code" href="/sdk/vars">
    The runtime API for reading plain vars with `vars.get(...)`.
  </Card>

  <Card title="Manage secrets" icon="key" href="/guides/secrets">
    Use the secure browser-based secret flow for sensitive values.
  </Card>
</Columns>
