|
|
|
|
|
|
by loloquwowndueo
58 days ago
|
|
|
Sensitive environment variables are environment variables
whose values are non-readable once created. So they are harder to introspect and review once set. It’s probably good practice to put non-secret-material in non-sensitive variables. (Pure speculation, I’ve never used Vercel) |
|
|
There are cases where I want env variables to be considered non-secure and fine to be read later, I have one in a current project that defines the email address used as the From address for automated emails for example.
In my opinion the lack of security should be opt-in rather than opt-out though. Meaning it should be considered secure by default with an option to make it readable.