DEV Community

Cover image for Question: How do I deal with environment variables in production?
calebdeji
calebdeji

Posted on

Question: How do I deal with environment variables in production?

So I was checking the source code (in browser) of some of my projects and I discovered that even though I used environment variables to store sensitive information I could still see the values when rendered in the browser, meaning that my values are injected during runtime, hence still makes my projects vulnerable. How do I deal with env variables in production so that no one will see the values when the page source is viewed?

Discussion (2)

Collapse
andrisladuzans profile image
Andris Laduzans

in my experience i use netlify, and there is usualy an option to add environment variables via some sort of command after deployment. Same with heroku, and i suppose same should be true for other services aswell.
there are some posts here aswell on this topic
dev.to/fabiorosado/hide-your-api-k...

Collapse
coderdood profile image
Marcelus Trojahn

I'd say don't use it on front-end, for starters. Also, you are doing front-end and there's need for sensitive information on it, you are kinda doing it wrong..