pls how do I prevent my API key from being exposed,
I'm using next.js and i have my .env file like this: NEXT_PUBLIC_MOVIEDB_APIKEY=KEY, and i read it well in the application but in production,
I want to hide it in my repo. I'm using vercel for that.
in my gitignore file the .env is included but once its in production it doesn't work anymore.
Δεν μπορείτε να βρείτε κάποια ταινία ή σειρά; Συνδεθείτε για να τη δημιουργήσετε.
Θέλετε να αξιολογήσετε ή να προσθέσετε αυτό το στοιχείο σε μια λίστα;
Δεν είσαι μέλος;
Απάντηση από τον/την ticao2 🇧🇷 pt-BR
στις 12 Μάιος 2023 στις 08:26 ΕΊΜΑΙ
I think that by adding some keywords to the title of this conversation, maybe other users will more easily understand the problem and can help.
Hide API Key - Vercel Next.js ,env file
Απάντηση από τον/την lwinkk
στις 4 Μάιος 2024 στις 08:11 ΜΜ
add the environment variable to your vercel dashboard so vercel has access to it in prod as well. it will work fine in dev env since youre reading everything straight from sourc code. but vercel doesnt have access to github files that are ignored. .env file is ignored so you need to explicitly tell vercel what the key is. this is a generic rule and applies to any host that is deploying your github code.