Environment variables
Give an Agent the API keys and config its sandbox needs — set per-Agent environment variables once and they're available everywhere it runs.
Most real work needs secrets and config — an API key, a database URL, a feature flag. Instead of pasting them into every task, set environment variables on the Agent once. They're injected into its cloud computer, so the Agent, its Terminal, and any process it runs can read them.

Where they apply
Variables are scoped to a single Agent and available across everything that Agent runs in its sandbox — terminal commands, scripts, dev servers, and the Agent's own tool calls. They persist with the Agent and survive sandbox restarts.
Adding and editing variables
OPENAI_API_KEY and the key value).To change a value, edit it in place and save again; to remove one, click its trash icon.
Secrets handling
Values for keys that look sensitive — names containing key, secret, token, or password — are masked in the UI so they aren't shown in plain text.
AGENT_KEY is reserved and managed automatically by Buda. It's always present, always masked, and can't be edited or removed — it's how the Agent authenticates back to Buda from inside the sandbox.
Reading them in the sandbox
Once saved, variables are exported into the environment automatically. Read them like any environment variable:
echo "$OPENAI_API_KEY"
python3 -c "import os; print(os.environ['DATABASE_URL'])"You can also export extra variables inline for a single shell, but those last only for that session — see Terminal. For passwordless Git pushes, store credentials or an SSH key here and use them from the Git tab or terminal.