Skip to main content
Your agent code needs API keys, database URLs, and other config to do real work. Reminix stores these as environment variables on the project and injects them into the container at runtime. Your handler reads them with the standard library — no special API.

Setting a secret

There are two ways to add a secret to a project: the dashboard or the CLI. Both store the value the same way.
  1. Open your project in the Reminix dashboard
  2. Go to Settings → Secrets
  3. Click Add Secret, enter the key and value, and save
Changes take effect on the next deploy.

Reading a secret in your handler

Once a secret is set on the project, it’s available as an environment variable inside the running container. Use the standard language API. 
import { agent, serve } from "@reminix/runtime"
import OpenAI from "openai"

const client = new OpenAI({
  apiKey: process.env.OPENAI_API_KEY,
})

const writer = agent("writer", {
  type: "prompt",
  handler: async (input) => {
    const completion = await client.chat.completions.create({
      model: "gpt-4o",
      messages: [{ role: "user", content: input.prompt }],
    })
    return completion.choices[0].message.content
  },
})

serve({ agents: [writer] })
Don’t read secrets at module load time without a fallback. If a secret is missing, os.environ["KEY"] raises and the container exits before your agent can return a useful error. Prefer os.environ.get("KEY") and check inside the handler, or fail loudly with a clear message at startup.

Built-in environment variables

Reminix sets a few variables on every container automatically. You don’t need to configure them.
VariableValuePurpose
PORT8080The port your serve() call binds to. Override with serve({ port }) if you must.
HOST0.0.0.0The interface your server binds to. Don’t change this — binding to localhost makes the agent unreachable inside the container.
Your own secrets sit alongside these in process.env / os.environ. There is no special namespace.

Naming

A few conventions to keep things predictable:
  • Uppercase with underscores. OPENAI_API_KEY, not openaiApiKey — this is what every shell, container runtime, and CI system expects.
  • Names are case-sensitive. Database_Url and DATABASE_URL are stored as different secrets.
  • Avoid the REMINIX_ prefix for your own secrets. Reminix uses that prefix for its own variables (REMINIX_API_KEY, REMINIX_PROJECT, REMINIX_API_URL, REMINIX_CLOUD). Picking a different prefix for your secrets prevents confusion.

Local development

When you run your code locally with node server.ts or python server.py, Reminix isn’t injecting anything. Use whatever you normally use for local env management: 
# .env (gitignored)
OPENAI_API_KEY=sk-...
DATABASE_URL=postgres://localhost:5432/dev
.env files are a local-development convenience. They are not uploaded to Reminix on deploy. The values live only on your machine. Set the same variables as project secrets to make them available in production.

Updating secrets

Secret changes take effect on the next deploy or restart. The currently-running container keeps using the values it had when it started. To pick up a new secret value without changing code: 
reminix deploy
Or trigger a redeploy from the dashboard.

OAuth credentials

If you’re calling third-party APIs that require OAuth (Google, Slack, GitHub, Notion, etc.), don’t store user access tokens as secrets. Use Connections instead — Reminix manages the auth flow, encrypted storage, and refresh. You still set the OAuth app client ID and secret as project secrets so Reminix can perform the exchange: 
reminix secret set GOOGLE_CLIENT_ID 1234.apps.googleusercontent.com
reminix secret set GOOGLE_CLIENT_SECRET GOCSPX-...
Then enable the Google connection in the dashboard and call client.oauth_connections.get_token("google") from your handler.

Next steps

Connections

Managed OAuth for third-party APIs.

Authentication

Reminix’s own API tokens (not user secrets).

Deploy from GitHub

Where these secrets get injected into your code.

Troubleshooting

What “secret not found at runtime” means and how to fix it.