> For the complete documentation index, see [llms.txt](https://docs.flxbl.io/flxbl/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.flxbl.io/flxbl/sfp-server/api-reference/variables.md). # Variables ## List variables for a project or environment > Lists project-scoped variables, or — when \`environmentName\` is provided — the environment-scoped variables for that environment. Secret values are masked.\ > \ > \*\*Authentication\*\*: Requires Owner or Member role. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/variables":{"get":{"operationId":"VariablesController_list","summary":"List variables for a project or environment","description":"Lists project-scoped variables, or — when `environmentName` is provided — the environment-scoped variables for that environment. Secret values are masked.\n\n**Authentication**: Requires Owner or Member role.","parameters":[{"name":"repositoryIdentifier","required":true,"in":"query","description":"Repository identifier (owner/repo)","schema":{"type":"string"}},{"name":"environmentName","required":false,"in":"query","description":"Environment name. When provided, returns environment-scoped variables for that environment.","schema":{"type":"string"}}],"responses":{"200":{"description":"List of variables (secret values masked)"},"403":{"description":"Forbidden - Requires role: owner, member"}},"tags":["Variables"]}}}} ``` ## Create or update a variable or secret > Upserts a project- or environment-scoped variable. Omit \`environmentName\` for a project-scoped value; supply it for an environment-scoped override.\ > \ > Set \`isSecret: true\` to encrypt the value at rest — secret values are never returned by list/get and are only decrypted at workflow runtime.\ > \ > \*\*Authentication\*\*: Requires Owner role. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}},"schemas":{"SetVariableDto":{"type":"object","properties":{"repositoryIdentifier":{"type":"string","description":"Repository identifier (owner/repo) the variable belongs to"},"key":{"type":"string","description":"Variable name. Uppercase, alphanumeric and underscores, starting with a letter."},"value":{"type":"string","description":"Variable value. For secrets this is the plaintext that gets encrypted at rest."},"isSecret":{"type":"boolean","description":"When true the value is encrypted at rest and never returned by list/get.","default":false},"environmentName":{"type":"string","description":"Environment name for an environment-scoped variable. Omit for a project-scoped variable."}},"required":["repositoryIdentifier","key","value"]}}},"paths":{"/sfp/api/variables":{"post":{"operationId":"VariablesController_set","summary":"Create or update a variable or secret","description":"Upserts a project- or environment-scoped variable. Omit `environmentName` for a project-scoped value; supply it for an environment-scoped override.\n\nSet `isSecret: true` to encrypt the value at rest — secret values are never returned by list/get and are only decrypted at workflow runtime.\n\n**Authentication**: Requires Owner role.","parameters":[],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SetVariableDto"}}}},"responses":{"201":{"description":"Variable created or updated"},"400":{"description":"Invalid key, unknown project, or unknown environment"},"403":{"description":"Forbidden - Requires role: owner"}},"tags":["Variables"]}}}} ``` ## Delete a variable > Permanently deletes a variable and any encrypted secret value. \*\*Authentication\*\*: Requires Owner role. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/variables":{"delete":{"operationId":"VariablesController_remove","summary":"Delete a variable","description":"Permanently deletes a variable and any encrypted secret value. **Authentication**: Requires Owner role.","parameters":[{"name":"repositoryIdentifier","required":true,"in":"query","schema":{"type":"string"}},{"name":"key","required":true,"in":"query","schema":{"type":"string"}},{"name":"environmentName","required":false,"in":"query","schema":{"type":"string"}}],"responses":{"204":{"description":"Variable deleted"},"403":{"description":"Forbidden - Requires role: owner"},"404":{"description":"Variable not found"}},"tags":["Variables"]}}}} ``` ## Effective variables with provenance for a project or environment > Returns the resolved set of variables a workflow would see, annotated with where each value comes from (project or environment) and whether an environment value overrides a project one. Secret values are not included — only their keys. Use this to show inherited vs overridden variables.\ > \ > \*\*Authentication\*\*: Requires Owner or Member role. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/variables/effective":{"get":{"operationId":"VariablesController_effective","summary":"Effective variables with provenance for a project or environment","description":"Returns the resolved set of variables a workflow would see, annotated with where each value comes from (project or environment) and whether an environment value overrides a project one. Secret values are not included — only their keys. Use this to show inherited vs overridden variables.\n\n**Authentication**: Requires Owner or Member role.","parameters":[{"name":"repositoryIdentifier","required":true,"in":"query","description":"Repository identifier (owner/repo)","schema":{"type":"string"}},{"name":"environmentName","required":false,"in":"query","description":"Environment name. When provided, returns environment-scoped variables for that environment.","schema":{"type":"string"}}],"responses":{"200":{"description":"Effective variables with source/override provenance"},"403":{"description":"Forbidden - Requires role: owner, member"}},"tags":["Variables"]}}}} ``` ## Get a single variable by key > Returns one variable. Secret values are masked. \*\*Authentication\*\*: Requires Owner or Member role. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/variables/lookup":{"get":{"operationId":"VariablesController_get","summary":"Get a single variable by key","description":"Returns one variable. Secret values are masked. **Authentication**: Requires Owner or Member role.","parameters":[{"name":"repositoryIdentifier","required":true,"in":"query","schema":{"type":"string"}},{"name":"key","required":true,"in":"query","schema":{"type":"string"}},{"name":"environmentName","required":false,"in":"query","schema":{"type":"string"}}],"responses":{"200":{"description":"The variable (secret value masked)"},"403":{"description":"Forbidden - Requires role: owner, member"},"404":{"description":"Variable not found"}},"tags":["Variables"]}}}} ``` ## Delete a variable across all scopes (project + every environment) > Removes the variable from the project scope AND every environment override for the repository, in one atomic operation. Encrypted secret values are removed too.\ > \ > \*\*Authentication\*\*: Requires Owner role. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"security":[{"access-token":[]}],"components":{"securitySchemes":{"access-token":{"scheme":"bearer","bearerFormat":"JWT","type":"http","in":"header"}}},"paths":{"/sfp/api/variables/all":{"delete":{"operationId":"VariablesController_removeAll","summary":"Delete a variable across all scopes (project + every environment)","description":"Removes the variable from the project scope AND every environment override for the repository, in one atomic operation. Encrypted secret values are removed too.\n\n**Authentication**: Requires Owner role.","parameters":[{"name":"repositoryIdentifier","required":true,"in":"query","schema":{"type":"string"}},{"name":"key","required":true,"in":"query","schema":{"type":"string"}}],"responses":{"200":{"description":"Deleted; returns the affected scopes ({ deleted, project, environments })"},"403":{"description":"Forbidden - Requires role: owner"},"404":{"description":"Variable not found in any scope"}},"tags":["Variables"]}}}} ``` ## Resolve variables & secrets for a task execution (worker-only) > Returns the effective variables for the execution scope (environment overrides project), with secret values decrypted for immediate use by the worker. ```json {"openapi":"3.0.0","info":{"title":"sfp server","version":"51.20.0"},"paths":{"/sfp/api/flows/internal/variables/{taskExecutionId}":{"get":{"operationId":"VariablesResolveController_resolve","summary":"Resolve variables & secrets for a task execution (worker-only)","description":"Returns the effective variables for the execution scope (environment overrides project), with secret values decrypted for immediate use by the worker.","parameters":[{"name":"taskExecutionId","required":true,"in":"path","description":"Task execution id of the running workflow","schema":{"type":"string"}}],"responses":{"200":{"description":"Resolved { vars, secrets, entries }"},"404":{"description":"Task execution not found"}},"tags":["Variables"]}}}} ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.flxbl.io/flxbl/sfp-server/api-reference/variables.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.