These work just like the shell environment variables you're used to. You set them on the settings page, and then you can access them in any notebook, like this:
var mySecret = process.env.SECRET;
Everything in your environment stays with your account. When people clone a notebook, your environment won't go with it. Be aware, however, than if you log the value of an environment variable, or return it as the output of a code cell, that will be visible to everyone.
You can have as many variables as you like, and we've also made a few handy integrations that make it easy to get set up with OAuth credentials for popular services. These credentials will never be used by us; they're entirely for you to use in your own notebooks.