You can and should store secrets, credentials or private data securely inside the .env
. This is a secure environment config section in your projects, useful for storing API keys and app credentials.
Only invited collaborators are able to see the contents of your .env. So, anonymous viewers or logged-in users who haven’t been invited to your project can’t see them.
When remixing an app the values are cleared so they’re not copied across.
For example, check out the .env
file for our ~hello-express app:
To add secret data:
- Open the Project Editor and click .env in the left-side panel.
- Click Add a Variable.
- Name your variable and then enter the secret information on the line next to the variable name. The environment variables will update as you type.
- You can then reference your secret with
process.env.[secret variable name].
This is how it will look for you and other project members:
This is how it will look for everyone else that clicks View Source:
and.... This is how it will look if someone remixes your project:
A note about data files:
- In addition to using .env, you should create a foldercalled
.data
to safely store any data files that your project uses. Like the .env, the contents of this folder are not copied across when a project is remixed.