If multiple people deploy your app or utilize a CI service, it's a better idea to use
to expose environment variables.
However, adding that file to
could cause potential issues. Secrets like API tokens and DB information are visible to anyone who has access to the source code. That's bad.
Secrets can help you. It's a configuration store that works across your account. Let's see how to use it:
First, add some secrets:
now secrets add my-app-mongo-url "user:email@example.com" now secrets add my-app-my-api-token "XXXXX"
Then, you can get these values inside environment variables.
Here's how to do that with
now.json file no longer contains secret information and it's safe to add that to Git and share with anyone. Only the people who can deploy the app has access to these secrets.
You can perform a few sets of operations with
Secrets, including adding, renaming and removing secrets. But you can't read secrets from the terminal.
Anyone who can deploy to
has access to these secrets. Disabling the ability to read secrets in the terminal is simply a barrier.
A user can still deploy a simple app to dump these secrets.
You can get more information about
Secrets by running the following Help command:
Help output of `now secrets`
Sometimes, you need to add secrets which has new lines (or any other special characters) in them (eg: certificates). But you won't be able to add them by simply using
now secrets add.
Instead, you can encode the secret into
before adding it. Here's how you could do that on Mac/Linux with a single command:
now secrets add my-cert $(cat /path/to/cert | base64)
Before you use the secret inside your app, you need to decode it. Here's how you could do it in a Node.js app.
const cert = Buffer.from(certFromtheSecret, 'base64').toString()
Base64 is a simple encoding algorithm which is available everywhere.
That's why we've used it. But it's okay to choose any text based encoding algorithm.