-
|
I want to put credentials in environment variables and use them in a SvelteKit server-side endpoint, without leaking them to pages. I've set up a module with a function like this: function getCredentials() {
if (!import.meta.env.SSR) {
throw new Error(`Will not get credentials outside the server`);
} else {
const secret: string = import.meta.env.VITE_SECRET;
return { secret };
}
}I've noticed that for production the secrets are correctly not included in the code that is sent to the client, but in development mode they may be included if the file is accidentally imported. Does this setup make sense? Is there some other recommendation? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Though it depends on how you deploy, as long as you import the module only on server side, why don't you use simply |
Beta Was this translation helpful? Give feedback.
-
|
I think you are right! I was somehow stuck on the idea that I needed to use "VITE_" variables, but obviously for running in the server I should use normal environment variables that will not be inlined. Edit: I realize now this wasn't clear in my question because I had simplified the code. I was using |
Beta Was this translation helpful? Give feedback.
Though it depends on how you deploy, as long as you import the module only on server side, why don't you use simply
process.env.SECRET?