Skip to main content

Expo Android Build — Environment Variables Guide

Overview

There are three ways to manage environment variables in an Expo project, depending on the stage:

StageMethod
Local development.env file with EXPO_PUBLIC_ prefix
EAS Build (dev/prod)eas.json under the env block
Sensitive secretsEAS Secrets via CLI

1. Local Development — .env File

For local development (expo start or npx expo run:android), create a .env.local file in your project root. All variables must be prefixed with EXPO_PUBLIC_ to be accessible in your app's JavaScript code.

# .env.local
EXPO_PUBLIC_API_URL=https://dev.api.example.com
EXPO_PUBLIC_STRIPE_KEY=pk_test_xxx

Access them in your code like this:

const apiUrl = process.env.EXPO_PUBLIC_API_URL;
console.log(apiUrl); // https://dev.api.example.com

⚠️ Important: Variables with the EXPO_PUBLIC_ prefix are bundled into the app and visible to end users. Never store private keys or secrets here.


2. EAS Build — eas.json

For cloud builds via EAS, define your environment variables inside eas.json under each build profile's env block. These are injected at build time.

{
"build": {
"development": {
"android": {
"buildType": "apk"
},
"env": {
"EXPO_PUBLIC_API_URL": "https://dev.api.example.com",
"EXPO_PUBLIC_APP_ENV": "development"
}
},
"production": {
"env": {
"EXPO_PUBLIC_API_URL": "https://api.example.com",
"EXPO_PUBLIC_APP_ENV": "production"
}
}
}
}

Run the build for a specific profile:

# Development build
eas build --platform android --profile development

# Production build
eas build --platform android --profile production

3. Sensitive Secrets — EAS Secrets

For sensitive values (API keys, tokens, passwords) that you don't want committed to your repository, use EAS Secrets. These are stored encrypted on Expo's servers and injected at build time — same as eas.json env vars, but secure.

Create a secret via the CLI:

eas secret:create --scope project --name MY_SECRET_KEY --value "your-secret-value"

List existing secrets:

eas secret:list

Delete a secret:

eas secret:delete --name MY_SECRET_KEY

Once created, the secret is automatically available during EAS builds as an environment variable — no additional configuration needed.


Putting It All Together

A typical project structure looks like this:

my-expo-app/
├── .env.local # Local dev variables (gitignored)
├── .gitignore
├── eas.json # Build profiles + non-secret env vars
├── app.json
└── app/
└── index.tsx

.gitignore — make sure your .env files are excluded:

.env
.env.local
.env*.local

Example usage in code that works across all environments:

// works locally, in EAS dev build, and in production
const API_URL = process.env.EXPO_PUBLIC_API_URL;
const APP_ENV = process.env.EXPO_PUBLIC_APP_ENV;

console.log(`Running in ${APP_ENV} — connecting to ${API_URL}`);

Quick Reference

Variable typeVisible to users?Committed to repo?Where to define
EXPO_PUBLIC_* (local)✅ Yes❌ No (gitignored).env.local
EXPO_PUBLIC_* (build)✅ Yes✅ Yeseas.json
Secrets❌ No❌ NoEAS Secrets (CLI)