This doesn’t seem possible just wanted to double confirm with you guys.
Shopify is not a hosted environment for arbitrary code or executables.
Any “ENV variables” only apply to hosting you control for your side of the app equation.
Any meta data an app needs to store or reference should you shopify metafields; 
at no point should these metafields be use to store sensitive security information like app authentication or clear text passwords, etc.
1 Like
Thanks so if my app calls an external endpoint which is currently hardcoded to localhost:8080, I assume I need to use metafields (possibly a Boolean flag) to get the app to call the production endpoint once the app is live?