DEV Community

loading...
Cover image for Question: How do I deal with environment variables in production?

Question: How do I deal with environment variables in production?

calebdeji profile image calebdeji ・1 min read

So I was checking the source code (in browser) of some of my projects and I discovered that even though I used environment variables to store sensitive information I could still see the values when rendered in the browser, meaning that my values are injected during runtime, hence still makes my projects vulnerable. How do I deal with env variables in production so that no one will see the values when the page source is viewed?

Discussion (2)

pic
Editor guide
Collapse
andrisladuzans profile image
Andris Laduzans

in my experience i use netlify, and there is usualy an option to add environment variables via some sort of command after deployment. Same with heroku, and i suppose same should be true for other services aswell.
there are some posts here aswell on this topic
dev.to/fabiorosado/hide-your-api-k...

Collapse
coderdood profile image
Marcelus Trojahn

I'd say don't use it on front-end, for starters. Also, you are doing front-end and there's need for sensitive information on it, you are kinda doing it wrong..