Skip to content
Latchkey

vercel env: Manage Environment Variables in CI

vercel env reads and writes the environment variables a project uses across its production, preview, and development environments.

In a pipeline you usually pull the variables into a local .env so the build or tests can use them, rather than adding them interactively.

What it does

vercel env ls lists variables, vercel env add NAME ENVIRONMENT stores one for a given target (production, preview, or development), vercel env rm removes one, and vercel env pull writes the decrypted variables for a target into a local file (default .env.local).

Common usage

Terminal
vercel env ls --token "$VERCEL_TOKEN"
# pull production vars into a local env file
vercel env pull .env.production --environment=production --token "$VERCEL_TOKEN" --yes
# add a variable non-interactively from stdin
echo "prod-value" | vercel env add API_KEY production --token "$VERCEL_TOKEN"

Options

Flag / argWhat it does
add NAME [env]Add a variable to production | preview | development
pull [file]Write decrypted vars to a local file (default .env.local)
--environment <e>Target environment for pull/ls
lsList variables and their targets
rm NAME [env]Remove a variable
--token <t> / --yesToken auth and skip prompts

In CI

vercel env add normally prompts for the value; pipe it on stdin (echo value | vercel env add NAME production) to stay non-interactive. For builds, vercel env pull is the cleaner path: pull once into .env then read it.

Common errors in CI

"Error: Your codebase isn't linked to a project" means VERCEL_ORG_ID and VERCEL_PROJECT_ID are unset, so env has no project. "Error: No existing credentials found" means a missing --token. An empty pull usually means the wrong --environment target.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →