Is it safe to use NEXT_PUBLIC_APP_KEY for storing an API key?

langgenius / webapp-text-generator

MIT License

128 stars 347 forks source link

Is it safe to use NEXT_PUBLIC_APP_KEY for storing an API key? #4

Closed savokiss closed 11 months ago

savokiss commented 11 months ago

As far as I know, the NEXT_PUBLIC_ prefix is typically used for non-sensitive environment variables.

If you use this prefix to store an API key, there is a chance that it could be leaked, right?

crazywoola commented 11 months ago

See this doc

When you define Environment Variables as key-value pairs using the dashboard or Vercel CLI, they are configured outside your source code. These variables are available to your source code during the build process.

I don't think the prefix will affect the security. It's more like a convention.

savokiss commented 11 months ago

See this doc

When you define Environment Variables as key-value pairs using the dashboard or Vercel CLI, they are configured outside your source code. These variables are available to your source code during the build process.

I don't think the prefix will affect the security. It's more like a convention.

So, As I can find my NEXT_PUBLIC_APP_KEY in the dev mode on my browser's source code, you mean if I use vercel, it won't be exposed to the browser?