Storing keys without exposing them

[sachdeva-shrey]

Hey! I'm new to Nextjs. I wanted to store some secrets but I'm a bit confused about what is the correct way of storing secrets in a Nextjs app?

Does storing keys in my next.config.js make them untraceable from the front-end?
If not, what really is the difference between storing keys in a simple .env file or a next.config.js file?

Can someone please suggest a good method of storing and utilising keys securely?

[rafaelalmeidatk]

Does storing keys in my next.config.js make them untraceable from the front-end?

Do you mean the env field of next.config.js? Everything in this field can go into the JS bundle, so they are public.

If not, what really is the difference between storing keys in a simple .env file or a next.config.js file?

When storing variables in the .env file, Next.js will load them into the Node.js environment. This means you can use these variables in the data-fetching methods like getStaticProps or in the API routes. These variables aren't public yet, they can only be accessed from the client if you prefix them with NEXT_PUBLIC_, then they become public