loading...

Question: How do I deal with environment variables in production?

twitter logo github logo ・1 min read

So I was checking the source code (in browser) of some of my projects and I discovered that even though I used environment variables to store sensitive information I could still see the values when rendered in the browser, meaning that my values are injected during runtime, hence still makes my projects vulnerable. How do I deal with env variables in production so that no one will see the values when the page source is viewed?

twitter logo DISCUSS (2)
markdown guide
 

in my experience i use netlify, and there is usualy an option to add environment variables via some sort of command after deployment. Same with heroku, and i suppose same should be true for other services aswell.
there are some posts here aswell on this topic
dev.to/fabiorosado/hide-your-api-k...

 

I'd say don't use it on front-end, for starters. Also, you are doing front-end and there's need for sensitive information on it, you are kinda doing it wrong..

Classic DEV Post from Apr 29 '19

Are we pretentious and arrogant?

Do you think that we, as developers, have a slighly tendency to become quite selfish because of our so specific-skills?

calebdeji profile image
A Front End Developer who likes mental health rap bars