Skip to main content

What are Project Variables?

Project Variables are project-specific values accessible across all components in your Project. They store:
  • API keys and secrets — Credentials for external services
  • Configuration — Environment-specific settings
  • Constants — Shared values used across Projects
  • Feature flags — Toggle features on/off

Why use Project Variables?

Security — Keep secrets out of code
Flexibility — Change config without redeploying
Environments — Different values for dev/staging/prod
Reusability — One variable, many usages

Creating Variables

Via UI

  1. Go to Project → Variables
  2. Click Add Variable
  3. Configure:
    • Name: OPENAI_API_KEY
    • Value: sk-... (hidden)
    • Type: Secret
    • Description: API key for OpenAI
  4. Click Save

Variable names

Conventions:
  • UPPERCASE_WITH_UNDERSCORES
  • Descriptive: SENDGRID_API_KEY not API_KEY_1
  • Prefixed by service: STRIPE_SECRET_KEY, STRIPE_PUBLISHABLE_KEY
Reserved names: Avoid system variables: PATH, HOME, USER

Using Variables

In Actions

import os

def send_email(to: str, subject: str, body: str):
    api_key = os.environ.get('SENDGRID_API_KEY')
    
    # Use api_key...
Variables are automatically injected as environment variables.

In Agent prompts

You are a customer service agent for {{COMPANY_NAME}}.

When customers ask about pricing, refer to our pricing page:
{{PRICING_URL}}

For technical support, escalate to: {{SUPPORT_EMAIL}}
Variables in {{VAR_NAME}} format are replaced before execution.

In Flow configurations

Conditional routing: 
If {{ENVIRONMENT}} == "production":
  → Production Flow
Else:
  → Test Flow

In webhook payloads

{
  "data": "{{webhook.body}}",
  "api_key": "{{EXTERNAL_API_KEY}}",
  "environment": "{{ENVIRONMENT}}"
}

Managing Variables

Viewing Variables

  1. Go to Organization → Project Variables
  2. See list of all variables
  3. Secrets show as ***
  4. Click to view metadata (not secret values)

Editing Variables

  1. Select variable
  2. Click Edit
  3. Modify value or description
  4. Click Save
Note: Editing a secret requires re-entering the full value.

Deleting Variables

  1. Select variable
  2. Click Delete
  3. Confirm
Warning:
  • Any components using this variable will fail
  • Check usages before deleting

Finding usages

  1. Select variable
  2. Click Show Usages
  3. See list of Projects/components using it
Use case: Before deleting or changing a variable.

Environment Variables

Triform provides built-in environment variables:
VariableValueDescription
TRIFORM_PROJECT_IDproj_abc123Current Project ID
TRIFORM_EXECUTION_IDexec_xyz789Current execution ID
TRIFORM_ORG_IDorg_abc123Organization ID
TRIFORM_USER_IDuser_xyz789User who triggered execution
TRIFORM_TIMESTAMPISO 8601 datetimeExecution start time
Usage: 
import os

project_id = os.environ.get('TRIFORM_PROJECT_ID')
execution_id = os.environ.get('TRIFORM_EXECUTION_ID')

print(f"Running in project {project_id}, execution {execution_id}")

Best practices

Never hardcode secrets — Always use Project Variables
Use descriptive names — Clear what each variable is for
Document variables — Add descriptions explaining usage
Rotate secrets regularly — Update API keys periodically
Test with dummy values — Use fake keys in dev/staging

Security considerations

Secret handling

Do:
  • ✅ Store all secrets in Project Variables
  • ✅ Use secret type for sensitive data
  • ✅ Limit access to who can view secrets
  • ✅ Rotate secrets regularly
  • ✅ Audit secret access
Don’t:
  • ❌ Hardcode secrets in code
  • ❌ Log secret values
  • ❌ Share secrets in chat/email
  • ❌ Commit secrets to git
  • ❌ Use production secrets in dev

Access control

Organization Admins: Can create, edit, delete all variables
Organization Editors: Can view and use variables
Organization Viewers: Can see variable names but not values Project-specific permissions: Override Organization permissions

Audit logs

All variable operations are logged:
  • Created by whom, when
  • Modified by whom, when, what changed
  • Accessed by which execution
  • Deleted by whom, when
View audit log:
  1. Go to Organization → Project Variables
  2. Select variable
  3. Click Audit Log

Migrating Variables

From hardcoded to variables

Before: 
def send_notification():
    api_key = "sk_live_abc123"  # Hardcoded!
    # ...
After: 
def send_notification():
    api_key = os.environ.get('NOTIFICATION_API_KEY')
    # ...
Steps:
  1. Create Project Variable
  2. Update code to use os.environ.get()
  3. Test
  4. Remove hardcoded value
  5. Deploy

Troubleshooting

Problem: Variable not found
Solution: Check variable name and project Problem: Secret value showing as ***
Solution: Intentional for security. Re-enter to update. Problem: Variable changes not taking effect
Solution: Redeploy Project, or restart execution

Next steps

Continue exploring the documentation to learn about deployments, API keys, security, and organization management.
I