Skip to main content
The syncEnvVars build extension will sync env vars from another service into Trigger.dev before the deployment starts. This is useful if you are using a secret store service like Infisical or AWS Secrets Manager to store your secrets. syncEnvVars takes an async callback function, and any env vars returned from the callback will be synced to Trigger.dev.
The callback is passed a context object with the following properties:
  • environment: The environment name that the task is being deployed to (e.g. production, staging, etc.)
  • projectRef: The project ref of the Trigger.dev project
  • env: The environment variables that are currently set in the Trigger.dev project

Marking variables as secrets

Return the array form and set isSecret: true on any variable you want stored as a secret. Secret env vars are redacted in the dashboard and their values can’t be revealed after they’re set, just like manually created secret variables. You can mix secret and non-secret variables in the same callback.
isSecret is only available when you return the array form ({ name, value, isSecret }). The record form ({ KEY: "value" }) always creates non-secret variables.

Example: Sync env vars from Infisical

In this example we’re using env vars from Infisical.
trigger.config.ts

syncVercelEnvVars

The syncVercelEnvVars build extension syncs environment variables from your Vercel project to Trigger.dev.
You need to set the VERCEL_ACCESS_TOKEN and VERCEL_PROJECT_ID environment variables, or pass in the token and project ID as arguments to the syncVercelEnvVars build extension. If you’re working with a team project, you’ll also need to set VERCEL_TEAM_ID, which can be found in your team settings.You can find / generate the VERCEL_ACCESS_TOKEN in your Vercel dashboard. Make sure the scope of the token covers the project with the environment variables you want to sync.
When running the build from a Vercel build environment (e.g., during a Vercel deployment), the environment variable values will be read from process.env instead of fetching them from the Vercel API. This is determined by checking if the VERCEL environment variable is present.The API is still used to determine which environment variables are configured for your project, but the actual values come from the local environment. Reading values from process.env allows the extension to use values that Vercel integrations (such as the Neon integration) set per preview deployment in the “Provisioning Integrations” phase that happens just before the Vercel build starts.
If you have the Neon database Vercel integration installed and are running builds outside of the Vercel environment, we recommend using syncNeonEnvVars in addition to syncVercelEnvVars for your database environment variables.This ensures that the correct database connection strings are used for your selected environment and current branch, as syncVercelEnvVars may not accurately reflect branch-specific database credentials when run locally.
Or you can pass in the token and project ID as arguments:

syncNeonEnvVars

The syncNeonEnvVars build extension syncs environment variables from your Neon database project to Trigger.dev. It automatically detects branches and builds the appropriate database connection strings for your environment.
You need to set the NEON_ACCESS_TOKEN and NEON_PROJECT_ID environment variables, or pass them as arguments to the syncNeonEnvVars build extension.You can generate a NEON_ACCESS_TOKEN in your Neon dashboard.
When running the build from a Vercel environment (determined by checking if the VERCEL environment variable is present), this extension is skipped entirely.This is because Neon’s Vercel integration already handles environment variable synchronization in Vercel environments.
If you have the Neon database Vercel integration installed and are running builds outside of the Vercel environment, we recommend using syncNeonEnvVars in addition to syncVercelEnvVars for your database environment variables.This ensures that the correct database connection strings are used for your selected environment and current branch, as syncVercelEnvVars may not accurately reflect branch-specific database credentials when run locally.
This extension is skipped for prod environments. It is designed to sync branch-specific database connections for preview/staging environments.
Or you can pass in the token and project ID as arguments:
The extension syncs the following environment variables (with optional prefix):
  • DATABASE_URL - Pooled connection string
  • DATABASE_URL_UNPOOLED - Direct connection string
  • POSTGRES_URL, POSTGRES_URL_NO_SSL, POSTGRES_URL_NON_POOLING
  • POSTGRES_PRISMA_URL - Connection string optimized for Prisma
  • POSTGRES_HOST, POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DATABASE
  • PGHOST, PGHOST_UNPOOLED, PGUSER, PGPASSWORD, PGDATABASE

syncSupabaseEnvVars

The syncSupabaseEnvVars build extension syncs environment variables from your Supabase project to Trigger.dev. It uses Supabase Branching to automatically detect branches and build the appropriate database connection strings and API keys for your environment.
You need to set the SUPABASE_ACCESS_TOKEN and SUPABASE_PROJECT_ID environment variables, or pass them as arguments to the syncSupabaseEnvVars build extension.You can generate a SUPABASE_ACCESS_TOKEN in your Supabase dashboard.
When running the build from a Vercel environment (determined by checking if the VERCEL environment variable is present), this extension is skipped entirely.
For prod environments, this extension uses credentials from your default Supabase branch. For preview and staging environments, it matches the git branch name to a Supabase branch and syncs the corresponding database connection strings and API keys. dev environments are skipped.
Or you can pass in the token, project ID, and other options as arguments:
The extension syncs the following environment variables (with optional prefix):
  • DATABASE_URL, POSTGRES_URL, SUPABASE_DB_URL — PostgreSQL connection strings
  • PGHOST, PGPORT, PGUSER, PGPASSWORD, PGDATABASE — Individual connection parameters
  • SUPABASE_URL — Supabase API URL
  • SUPABASE_ANON_KEY — Anonymous API key
  • SUPABASE_SERVICE_ROLE_KEY — Service role API key
  • SUPABASE_JWT_SECRET — JWT secret