You can and should store secrets, credentials or private data securely inside the
.env. This is a secure environment config section in your projects, useful for storing API keys and app credentials.
Only invited collaborators are able to see the contents of your .env. So, anonymous viewers or logged-in users who haven’t been invited to your project can’t see them.
When remixing an app, the values that you enter in the .env are automatically cleared so they’re not copied across.
For example, check out the
.env file for our ~glitch-hello-node app:
To add secret data:
- Open the project editor and click .env in the left-side panel.
- Click Add a Variable.
- Name your variable and then enter the secret information on the line next to the variable name. The environment variables will update as you type.
- You can then reference your secret information with
process.env.[secret variable name].
This is how it will look for you and other project members:
This is how it will look for everyone else that clicks View Source:
and.... This is how it will look if someone remixes your project:
A note about database files:
- In addition to using .env, you should create a folder called
.datato safely store any data files that your project uses. Like .env, the contents of this folder are not copied across when a project is remixed. To see a full list of files that are not copied over when a project is remixed, click here.