- environment variables, available to processes and shell sessions inside the Box
- secret files, written under the Box work directory using the relative paths you configure
.env files, deployment tokens, and other runtime configuration. Do not pass secrets in prompts, URLs, CLI arguments that may be logged, Docker build args, or committed files.
Add Environment Variables
- Open Dashboard > Secrets.
- Add shell-style lines in the environment variables editor:
- Save.
provisioned, cloning, ready, idle, or running) and have a live machine connection. Stopped, archived, deleted, or unreachable Boxes pick up the latest values the next time they are started or resumed.
Add Secret Files
Use secret files for.env, JSON credentials, or config files that a repo expects on disk.
- Open Dashboard > Secrets.
- Add a secret file with a relative path such as
ariana-ide-private/backend/.env,.env, orconfig/secrets.json. - Paste the file contents and save.
/home/user on the hosted Box image. Folder names use the GitHub repository name, not the owner/name pair. For example, ariana-dot-dev/ariana-ide-private is cloned to:
/home/user on the hosted Box image. To write a backend .env file into ariana-ide-private, include the repository folder in the path:
/home/user are skipped.
Programmatic Setup
For setup scripts, configure secrets in the dashboard first, then run your setup in the Box. The script can read normal environment variables or files at the configured paths.box ssh <id> <command> runs the command non-interactively and streams stdin, stdout, and stderr, so setup scripts do not need to be copied to a temporary path in the Box.
In Windows PowerShell, prefer running this from Node, Python, WSL, Git Bash, or cmd.exe. Native PowerShell pipelines can keep stdin open for native executables in some environments.
Only use temporary uploaded env files for one-off local experiments. For normal usage, dashboard secrets keep the workflow auditable and avoid leaking values through logs or command history.