Environments & secrets

Environments let you parameterize requests so the same collection works against local, staging, and production — and keep sensitive values encrypted.

Workspace-scoped variables

An environment is a named set of variables scoped to your workspace. Reference any variable with double-brace syntax, and API Stash substitutes the active environment's value at send time:

GET {{BASE_URL}}/users/{{USER_ID}}
Authorization: Bearer {{API_TOKEN}}

You can use {{VAR}} substitution in URLs, headers, and bodies.

Switching the active environment

Pick the active environment from the environment selector. Switching it changes every {{VAR}} value across your requests at once — so moving from staging to production is a single click, not a find-and-replace.

Secret values

Mark any value as a secret to hide it in the UI and protect it at rest. Secret values are encrypted at rest with per-workspace keys, so a secret stored in one workspace is never readable from another.

Tip: store tokens, API keys, and passwords as secrets, and keep non-sensitive values like base URLs as plain variables.

Personal vs shared environments

Environments come in two scopes:

Shared — visible to everyone in the workspace; ideal for team-wide base URLs and common config.
Personal — visible only to you; ideal for your own credentials or local overrides that shouldn't affect teammates.

Next:Authentication helpers Requests Security