Runtime "env variables"
Unanswered
porto posted this in #help-forum
portoOP
I'm looking for a recommended way to deploy Next.js applications using a single Docker image across multiple environments. The core challenge is that both my server-side and client-side environment variables need to be defined and read at runtime for each specific environment.
Is there a standard or widely recommended solution within the Next.js ecosystem to achieve this? I've been exploring libraries like next-runtime-env, but I have some security concerns that I've detailed in this GitHub issue: https://github.com/expatfile/next-runtime-env/issues/187 I'd appreciate any insights or alternative approaches you might have for securely handling runtime environment variables in a single-image Docker deployment.
Is there a standard or widely recommended solution within the Next.js ecosystem to achieve this? I've been exploring libraries like next-runtime-env, but I have some security concerns that I've detailed in this GitHub issue: https://github.com/expatfile/next-runtime-env/issues/187 I'd appreciate any insights or alternative approaches you might have for securely handling runtime environment variables in a single-image Docker deployment.
4 Replies
Burmese
Unfortunately in next.js (and many other frameworks) the concept of being "static" (bundled at build time) is coupled with being "public" (not sensitive) - meaning anything with
Instead you need to wire up a server endpoint which will return config (which has been set at boot time) to the client, and then fetch it in the client.
NEXT_PUBLIC_ will be bundled at build time.Instead you need to wire up a server endpoint which will return config (which has been set at boot time) to the client, and then fetch it in the client.
re: your above concern - either way, anything server rendered will have access to your config and it becomes hard to be 100% sure you are not accidentally leaking something. This is just a danger in this weird hybrid client/server rendered world, where it's not always clear where code is executing or what built code will be exposed to the client.
one open source tool that can help with all this is DMNO - both in terms of managing which items are ok to bundle at build time, and helping prevent leaks
we are also working on something new that could help, feel free to DM me if you want to try it out