How do you protect your secret env variables when you configure Pages projects with wrangler.toml

[laurentlahmy]

Disclaimer - I don't understand much about security or next-on-pages.

I was using next on pages with a wrangler.toml file that was used for local D1 and R2 bindings.

Since this update, the wrangler.toml file also becomes a configuration file for prod. To be able to build and deploy, I have had to add a pages_build_output_dir and to store my env variables in the wrangler.toml (I was getting errors that the env variable were missing, maybe only because I'm using @t3-oss/env-nextjs).

Therefore, I need to commit my env variables to the repo, which I think is a big no no in terms security.

Please let me know what I'm missing, and how this is usually managed.
Thanks!

[dario-piotrowicz]

Hi @laurentlahmy 🙂

I think that what you're asking for are secrets?

You can put them in a .dev.vars file (that you don't commit) and have them work locally with wrangler pages dev (when using the Next.js dev server you should still use .env files).

Then to have them in your deployed application you need to set them via the Cloudflare dashboard.

Or if you prefer you should be able to do it via wrangler, I haven't tried but from 3.49.0 is seems like you should be able to use them via wrangler pages secrets 🙂

Please let me know if this helps 🙂