Next.js Discord

Discord Forum

With .env deploy is it risky on vercel?

Answered
atalay posted this in #help-forum
Open in Discord
atalayOP
Hello guys I have some variables like bunch of API keys, secret keys, clientID, bla bla bla... Is it risky that .env variables deploying on vercel? (my .env file) Should I use vercel Environment Variables section as I attached the image below or no problem with that if I use my .env file?
Answered by B33fb0n3
your .env file will also be uploaded on github (if not excluded). Github shouldn't be allowed to see your secrets. So you normally create a .env file for all the public env variables (in all enviorements (dev, prod, ..) and create a .env.local for all private variables. These private variables are then shared with vercel (you add them there) so that they can be used when you deploy on vercel
View full answer

5 Replies

@atalay Hello guys I have some variables like bunch of API keys, secret keys, clientID, bla bla bla... Is it risky that .env variables deploying on vercel? (my .env file) Should I use vercel Environment Variables section as I attached the image below or no problem with that if I use my .env file?
B33fb0n3
your .env file will also be uploaded on github (if not excluded). Github shouldn't be allowed to see your secrets. So you normally create a .env file for all the public env variables (in all enviorements (dev, prod, ..) and create a .env.local for all private variables. These private variables are then shared with vercel (you add them there) so that they can be used when you deploy on vercel
Answer
@B33fb0n3 I would recommend that, yea
atalayOP
Thanks for your help I would try that.
B33fb0n3
happy to help