# Environment variables

Safe environment variable names and configuration boundaries.

Status: partial
Version: latest
Review: source-backed

## Configuration boundary

Environment variable documentation lists names and purpose only. Secret values are never rendered.

Platform bootstrap secrets remain env-level configuration; account owners configure provider status and runtime readiness from the UI where implemented. Gmail is split deliberately: Google OAuth client credentials are deployment-level settings, account mailbox tokens live behind credential-vault refs, and projects select aliases through Project Gmail settings.

| Config family | Examples | Public disclosure |
| --- | --- | --- |
| Phoenix/runtime | `SECRET_KEY_BASE`, endpoint host, release flags | Name/purpose only |
| Stripe | Stripe key, webhook secret, price/product IDs | Safe mode/status and public price metadata only |
| Gmail/Google | Platform OAuth client settings, callback URLs, account mailbox status, project alias binding | Client setup status, mailbox/alias readiness, and project setting refs only |
| NVIDIA/Hermes | Provider key slots and runtime endpoint | Provider configured/missing status only |
| Live action gates | `LIVE_OUTREACH`, `LIVE_SPEND` | Enabled/disabled posture, not secret values |
| Storage | S3/Tigris endpoint and bucket names | Bucket/prefix posture only when safe |

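One way to enforce the disclosure column of the table above in code, as an added example that is not taken from the project: a renderer that emits only name, purpose and coarse status. The module name, the `EXAMPLE_PROVIDER_API_KEY` variable, the purpose strings and the rule that only `"1"` or `"true"` enables a live gate are assumptions.

```elixir
defmodule EnvDisclosure do
  @moduledoc "Added example: public view of env configuration (names and status only)."

  # {name, purpose, kind}. SECRET_KEY_BASE, LIVE_OUTREACH and LIVE_SPEND are
  # named on the page; EXAMPLE_PROVIDER_API_KEY is a hypothetical placeholder
  # and the purpose strings are assumed wording.
  @vars [
    {"SECRET_KEY_BASE", "Phoenix signing/encryption secret", :secret},
    {"EXAMPLE_PROVIDER_API_KEY", "Provider key slot (hypothetical name)", :secret},
    {"LIVE_OUTREACH", "Gate for live outreach actions", :gate},
    {"LIVE_SPEND", "Gate for live spend actions", :gate}
  ]

  @doc "Builds the public rows from an env map (defaults to the process env)."
  def public_view(env \\ System.get_env()) do
    Enum.map(@vars, fn {name, purpose, kind} ->
      %{name: name, purpose: purpose, status: status(kind, Map.get(env, name))}
    end)
  end

  # Secrets: presence only. An unset or empty variable counts as missing.
  defp status(:secret, value) when value in [nil, ""], do: :missing
  defp status(:secret, _value), do: :configured

  # Gates fail closed: only an explicit "1" or "true" enables a live action
  # (assumed convention; the page does not state the accepted values).
  defp status(:gate, value) when is_binary(value) do
    if String.downcase(String.trim(value)) in ["1", "true"], do: :enabled, else: :disabled
  end

  defp status(:gate, _value), do: :disabled
end

# Constructed sample environment; every value here is fake.
env = %{
  "SECRET_KEY_BASE" => "constructed-not-a-real-secret",
  "EXAMPLE_PROVIDER_API_KEY" => "",
  "LIVE_OUTREACH" => "true",
  "LIVE_SPEND" => "yes please"
}

rows = EnvDisclosure.public_view(env)
Enum.each(rows, &IO.inspect/1)

# Guard against regressions: the secret value must not appear in the output.
false = String.contains?(inspect(rows), env["SECRET_KEY_BASE"])
```

The final match raises if a later change ever lets a raw value reach the rendered rows, so the same check fits in a unit test for the documentation generator.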

Source paths:
- `config/runtime.exs`
- `ops/hermes`
- `.env.example`
