You can and should store secrets, credentials and other types of private data securely inside the .env.

Here's why:

• This is the secure environment config section in your project.
• Only invited collaborators are able to see the contents of your .env
• Anonymous viewers or logged-in users who haven’t been invited to your project can’t see them - even when the project is public.
• When remixing an app, the values that you enter in the .env are automatically cleared so they’re not copied across.

Here is what  .env looks like:

To add secret data:

1. Open the project editor and click .env in the file view.
2. Click Add a Variable.
3. Name your variable and then enter the secret information on the line next to the variable name.  The environment variables will update as you type.
4. You can then reference your secret information with process.env.[secret variable name].

A note about database files:

• In addition to using .env, you should create a folder called .data to safely store any data files that your project uses. Like .env, the contents of this folder are not copied across when a project is remixed.  To see a full list of files that are not copied over when a project is remixed, click here.