Nextjs Env Vars Mk2
I ran into the issue of how to manage environment variables with a NextJS app a while ago and made some notes.
After living with this for a while and settling on using sops for secrets encryption, what I have found works best for me is:
Secrets
- stored encrypted
- made available as env vars at deployment time
- not available during build
I would have to revisit this process if a secret was needed to access an API during build.
Other Variables
Everything else I store in environment-specific env files, which are included at build time.
Explanation
Some env vars must be set at build time, especially any NEXT_PUBLIC ones, which are inlined at build time.
Some must not be included in the build, as they are sensitive secrets.
Other env vars could be made available as runtime env vars.
Having three levels of variables proved overly complicated for no real benefit.
Once we have .env files and environment-specific builds, it is simplest to use these as much as possible.
Secrets are more clearly special, and having a different process for these is more easily communicated within the team.
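
One way to enforce the split described above before a build runs, as an added example that is not part of the original notes. It assumes the secrets live in a sops-encrypted dotenv file (sops encrypts values and leaves key names readable, and its metadata keys are assumed to start with sops_); the function names, variable names and sample contents are hypothetical.

```javascript
// Added example: pre-build guard. All names and sample values are constructed.
// Collect the KEY part of KEY=VALUE lines, skipping blanks and comments.
function parseEnvKeys(text) {
  const keys = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim().replace(/^export\s+/, "");
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq > 0) keys.push(line.slice(0, eq).trim());
  }
  return keys;
}

// sops encrypts values only, so secret names can be read without decrypting.
// Assumption: sops metadata keys in a dotenv file start with "sops_".
function secretNames(sopsEnvText) {
  return parseEnvKeys(sopsEnvText).filter((k) => !k.startsWith("sops_"));
}

// Report secrets that would reach the build: named in the build-time env
// file, re-exposed under NEXT_PUBLIC_, or set in the build process env.
function checkBuildEnv(buildEnvText, sopsEnvText, processEnv = {}) {
  const secrets = new Set(secretNames(sopsEnvText));
  const problems = [];
  for (const key of parseEnvKeys(buildEnvText)) {
    if (secrets.has(key)) problems.push(`${key}: secret in build env file`);
    const bare = key.startsWith("NEXT_PUBLIC_") ? key.slice("NEXT_PUBLIC_".length) : null;
    if (bare && secrets.has(bare)) problems.push(`${key}: secret inlined as public`);
  }
  for (const key of secrets) {
    if (key in processEnv) problems.push(`${key}: secret set during build`);
  }
  return problems;
}

// Constructed sample inputs (not real sops output or real values).
const SAMPLE_SOPS_ENV = [
  "DATABASE_PASSWORD=ENC[AES256_GCM,data:constructed,type:str]",
  "SESSION_SECRET=ENC[AES256_GCM,data:constructed,type:str]",
  "sops_version=constructed",
].join("\n");
const SAMPLE_BUILD_ENV = [
  "# .env.production (constructed)",
  "NEXT_PUBLIC_API_URL=https://api.example.test",
  "DATABASE_PASSWORD=constructed-value",
  "NEXT_PUBLIC_SESSION_SECRET=constructed-value",
  "LOG_LEVEL=info",
].join("\n");
console.log(checkBuildEnv(SAMPLE_BUILD_ENV, SAMPLE_SOPS_ENV, { SESSION_SECRET: "x" }));
```

Run against the real files in CI before the build step, the check fails the build when the returned list is non-empty.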