Skip to content
SendPad Docs

.env files

.env files define environment-specific variables. Switch between them using the environment selector in the header.

Syntax

Section titled “Syntax”

Simple KEY = VALUE pairs, one per line. Whitespace around = is ignored. Lines starting with # are comments.

dev.env
BASE_URL    = https://jsonplaceholder.typicode.com
API_TOKEN   = dev-token-abc123
TIMEOUT     = 5000


# Secrets — shown as •••• in the env selector tooltip
API_SECRET  = super-secret

Multiple environments

Section titled “Multiple environments”

Create one .env file per environment and switch with the env selector in the header.

envs/
  dev.env       → green indicator
  staging.env   → amber indicator
  prod.env      → red indicator (guarded)

Files named prod or production trigger a confirmation prompt before switching — a safety net against accidentally running destructive requests against production.

Using variables

Section titled “Using variables”

Reference any variable from the active .env file using {{VARIABLE_NAME}} in requests:

GET {{BASE_URL}}/users
Authorization: Bearer {{API_TOKEN}}

File-level variable overrides

Section titled “File-level variable overrides”

Define variables inline at the top of any .http or .flow file with @key = value. These override .env variables with the same name.

@baseUrl     = {{BASE_URL}}
@contentType = application/json


GET {{baseUrl}}/health

Sensitive variable masking

Section titled “Sensitive variable masking”

Any variable whose name contains secret, token, key, or password is automatically masked in the UI tooltip. Enable Redact sensitive headers in Settings → History to also mask them in the request history log.

Runtime overrides — .env.local

Section titled “Runtime overrides — .env.local”

Each <name>.env can have a sibling <name>.env.local that overrides it at runtime. SendPad writes to this file via the @persist directive, and merges it on top of the base env automatically.

envs/
  dev.env          ← you author this, commit it
  dev.env.local    ← SendPad writes runtime values here
  prod.env         ← persists are disabled for prod-named envs

The env selector shows a +N local badge when an env has runtime overrides. Delete the .env.local file from the file tree to reset.

SendPad auto-adds *.env.local to your workspace .gitignore when one exists — runtime values never leak into git.

How @persist writes to .env.local

Section titled “How @persist writes to .env.local”
### Login
POST {{BASE_URL}}/auth/login
Content-Type: application/json


{ "email": "dev@example.com", "password": "..." }


# @extract token = $.access_token
# @assert  status == 200


# Promote the extracted token into dev.env.local
# @persist token


# Or write a specific value
# @persist LAST_LOGIN = "2026-04-12"

Rules:

  • Persists run after all @asserts — a failing assertion aborts every persist in that step.
  • Persists are silently skipped for envs named prod or production.

Variable resolution order

Section titled “Variable resolution order”

When a request runs, variables resolve in this priority:

  1. Extracted flow variables (# @extract) — highest priority
  2. .env.local overrides
  3. .env file variables
  4. File-level variables (@key = value)