| ▲ | loloquwowndueo 2 hours ago | |
Sensitive environment variables are environment variables whose values are non-readable once created. So they are harder to introspect and review once set. It’s probably good practice to put non-secret-material in non-sensitive variables. (Pure speculation, I’ve never used Vercel) | ||
| ▲ | _heimdall 2 hours ago | parent [-] | |
I have used Vercel though prefer other hosts. There are cases where I want env variables to be considered non-secure and fine to be read later, I have one in a current project that defines the email address used as the From address for automated emails for example. In my opinion the lack of security should be opt-in rather than opt-out though. Meaning it should be considered secure by default with an option to make it readable. | ||