You can and should store secrets, credentials and other types of private data securely inside the .env
.
Here's why:
- This is the secure environment config section in your project.
- Only invited collaborators are able to see the contents of your .env
- Anonymous viewers or logged-in users who haven’t been invited to your project can’t see them - even when the project is public.
- When remixing an app, the values that you enter in the .env are automatically cleared so they’re not copied across.
Here is what .env
looks like:
To add secret data:
- Open the project editor and click .env in the file view.
- Click Add a Variable.
- Name your variable and then enter the secret information on the line next to the variable name. The environment variables will update as you type.
- You can then reference your secret information with
process.env.[secret variable name].
A note about database files:
- In addition to using .env, you should create a folder called
.data
to safely store any data files that your project uses. Like .env, the contents of this folder are not copied across when a project is remixed. To see a full list of files that are not copied over when a project is remixed, click here.