diff --git a/lib/travis/api/app.rb b/lib/travis/api/app.rb
index f099787f..391cece3 100644
--- a/lib/travis/api/app.rb
+++ b/lib/travis/api/app.rb
@@ -114,6 +114,8 @@ module Travis::Api
         use Travis::Api::App::Middleware::Metriks
         use Travis::Api::App::Middleware::Rewrite
 
+        SettingsEndpoint.subclass :env_vars
+
         Endpoint.subclasses.each do |e|
           next if e == SettingsEndpoint # TODO: add something like abstract? method to check if
                                         # class should be registered
diff --git a/lib/travis/api/v2/http.rb b/lib/travis/api/v2/http.rb
index ca1384cf..fccd72cc 100644
--- a/lib/travis/api/v2/http.rb
+++ b/lib/travis/api/v2/http.rb
@@ -24,6 +24,8 @@ module Travis
         require 'travis/api/v2/http/ssl_key'
         require 'travis/api/v2/http/ssh_key'
         require 'travis/api/v2/http/ssh_keys'
+        require 'travis/api/v2/http/env_var'
+        require 'travis/api/v2/http/env_vars'
         require 'travis/api/v2/http/user'
         require 'travis/api/v2/http/validation_error'
       end
diff --git a/lib/travis/api/v2/http/env_var.rb b/lib/travis/api/v2/http/env_var.rb
new file mode 100644
index 00000000..0b3e98c0
--- /dev/null
+++ b/lib/travis/api/v2/http/env_var.rb
@@ -0,0 +1,11 @@
+module Travis
+  module Api
+    module V2
+      module Http
+        class EnvVar < Travis::Api::Serializer
+          attributes :id, :name, :public
+        end
+      end
+    end
+  end
+end
diff --git a/lib/travis/api/v2/http/env_vars.rb b/lib/travis/api/v2/http/env_vars.rb
new file mode 100644
index 00000000..601dcc3a
--- /dev/null
+++ b/lib/travis/api/v2/http/env_vars.rb
@@ -0,0 +1,2 @@
+class Travis::Api::V2::Http::EnvVars < Travis::Api::ArraySerializer
+end
diff --git a/spec/integration/v2/settings/env_vars_spec.rb b/spec/integration/v2/settings/env_vars_spec.rb
new file mode 100644
index 00000000..052305ec
--- /dev/null
+++ b/spec/integration/v2/settings/env_vars_spec.rb
@@ -0,0 +1,148 @@
+require 'spec_helper'
+
+describe Travis::Api::App::SettingsEndpoint do
+  let(:repo)    { Repository.by_slug('svenfuchs/minimal').first }
+  let(:headers) { { 'HTTP_ACCEPT' => 'application/vnd.travis-ci.2+json' } }
+
+  describe 'with authenticated user' do
+    let(:user)    { User.where(login: 'svenfuchs').first }
+    let(:token)   { Travis::Api::App::AccessToken.create(user: user, app_id: -1) }
+    let(:headers) { { 'HTTP_ACCEPT' => 'application/json; version=2', 'HTTP_AUTHORIZATION' => "token #{token}" } }
+
+    before { user.permissions.create!(:repository_id => repo.id, :admin => true, :push => true) }
+
+    describe 'GET /settings/env_vars/:id' do
+      it 'returns an item' do
+        settings = repo.settings
+        record = settings.env_vars.create(name: 'FOO', value: 'bar')
+        settings.save
+
+        response = get '/settings/env_vars/' + record.id, { repository_id: repo.id }, headers
+        json = JSON.parse(response.body)
+        json['env_var']['name'].should == 'FOO'
+        json['env_var']['id'].should == record.id
+        json['env_var']['public'].should be_false
+        json['env_var'].should_not have_key('value')
+      end
+
+      it 'returns 404 if env var can\'t be found' do
+        response = get '/settings/env_vars/123', { repository_id: repo.id }, headers
+        json = JSON.parse(response.body)
+        json['error'].should == "Could not find a requested setting"
+      end
+    end
+
+    describe 'GET /settings/env_vars' do
+      it 'returns a list of env vars' do
+        settings = repo.settings
+        record = settings.env_vars.create(name: 'FOO', value: 'bar')
+        settings.save
+
+        response = get '/settings/env_vars', { repository_id: repo.id }, headers
+        response.should be_successful
+
+        json = JSON.parse(response.body)
+        key = json['env_vars'].first
+        key['name'].should == 'FOO'
+        key['id'].should == record.id
+        key['public'].should be_false
+        key.should_not have_key('value')
+      end
+    end
+
+    describe 'POST /settings/env_vars' do
+      it 'creates a new key' do
+        body = { env_var: { name: 'FOO', value: 'bar' } }.to_json
+        response = post "/settings/env_vars?repository_id=#{repo.id}", body, headers
+        json = JSON.parse(response.body)
+        json['env_var']['name'].should == 'FOO'
+        json['env_var']['id'].should_not be_nil
+        json['env_var'].should_not have_key('value')
+
+        env_var = repo.reload.settings.env_vars.first
+        env_var.id.should_not be_nil
+        env_var.name.should == 'FOO'
+        env_var.value.decrypt.should == 'bar'
+      end
+
+      it 'returns error message if a key is invalid' do
+        response = post "/settings/env_vars?repository_id=#{repo.id}", '{}', headers
+        response.status.should == 422
+
+        json = JSON.parse(response.body)
+        json['message'].should == 'Validation failed'
+        json['errors'].should == [{
+          'field' => 'name',
+          'code' => 'missing_field'
+        }]
+
+        repo.reload.settings.env_vars.length.should == 0
+      end
+    end
+
+    describe 'PATCH /settings/env_vars/:id' do
+      it 'should update a key' do
+        settings = repo.settings
+        env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
+        settings.save
+
+        body = { env_var: { value: 'baz' } }.to_json
+        response = patch "/settings/env_vars/#{env_var.id}?repository_id=#{repo.id}", body, headers
+        json = JSON.parse(response.body)
+        json['env_var']['name'].should == 'FOO'
+        json['env_var']['id'].should == env_var.id
+        json['env_var'].should_not have_key('value')
+
+        updated_env_var = repo.reload.settings.env_vars.find(env_var.id)
+        updated_env_var.id.should == env_var.id
+        updated_env_var.name.should == 'FOO'
+        updated_env_var.value.decrypt.should == 'baz'
+      end
+
+      it 'returns an error message if env_var is invalid' do
+        settings = repo.settings
+        env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
+        settings.save
+
+        body = { env_var: { name: '' } }.to_json
+        response = patch "/settings/env_vars/#{env_var.id}?repository_id=#{repo.id}", body, headers
+        response.status.should == 422
+
+        json = JSON.parse(response.body)
+        json['message'].should == 'Validation failed'
+        json['errors'].should == [{
+          'field' => 'name',
+          'code' => 'missing_field'
+        }]
+
+        updated_env_var = repo.reload.settings.env_vars.find(env_var.id)
+        updated_env_var.id.should == env_var.id
+        updated_env_var.name.should == 'FOO'
+        updated_env_var.value.decrypt.should == 'bar'
+      end
+    end
+
+    describe 'DELETE /env_vars/:id' do
+      it 'should delete an env_var' do
+        settings = repo.settings
+        env_var = settings.env_vars.create(name: 'FOO', value: 'bar')
+        settings.save
+
+        params = { repository_id: repo.id }
+        response = delete '/settings/env_vars/' + env_var.id, params, headers
+        json = JSON.parse(response.body)
+        json['env_var']['name'].should == 'FOO'
+        json['env_var']['id'].should == env_var.id
+        json['env_var'].should_not have_key('value')
+
+        repo.reload.settings.env_vars.should have(0).env_vars
+      end
+
+      it 'returns 404 if env_var can\'t be found' do
+        response = delete '/settings/env_vars/123', { repository_id: repo.id }, headers
+        json = JSON.parse(response.body)
+        json['error'].should == "Could not find a requested setting"
+      end
+    end
+  end
+end