'Will my .env variable value be exposed to clients?

I am using .env to store all my private Api_key value, which is to call third party API key like google map.

I was told that, with react js, the javascipt is actually excuted in client side.

Does it mean that actually, my .env variables are accessible by clients too in which they can actually see my API key?

For example, in my component code, I have this

<Geocoder
  mapRef={mapRef}
  mapboxApiAccessToken={process.env.NEXT_PUBLIC_mapbox_key}
  position="top-left"
  placeholder="Set your position"
/>

In my .env

NEXT_PUBLIC_mapbox_key=<KEY>

If yes, how do I keep it safe while providing the key to the third party components

reactjsnext.jsenvironment-variables


Solution 1:[1]

Yes, users will be available to see your API key in network inspection, even if you will keep it in the .env file which is excluded from git.

It's better to make a separate route on your backend side and keep your API key on the backend - if it is possible.

Some useful links:

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Ivan Stelmakh

Related Questions

TOX can't find the browser binary

Flutter testing error: NotInitializedError which involves environment variables (.env)

How to programmatically derive Windows Downloads folder "%USERPROFILE%/Downloads"?

How to set environment variables in GitHub actions using python

difference between http_proxy and https_proxy

How to set env variables using ASDF in a Rails project

Launch Pycharm from command line (terminal)

Heroku error when adding an Environment Variable that is a Comma Separated Value with Spaces

.bash_profile does not display echo information after update

Environment Variable for debugging in Visual Studio 2022

Retrieving a CI variable from Gitlab project and use it within Dockerfile

How do I run a python file in Atom? Conda env?

environment variable not working in react firebase config file

Cloud Build env variables not passed to Django app on GAE

How to set custom environment variables in tomcat?