Environmental variables as passwords not working

I have several environmental variables set up acting as passwords for my site. I also have a serverless function to handle comparing an entered password to the environmental variables:

exports.handler = async (event, context) => {
    const { password } = JSON.parse(event.body);
    const tempPassword = process.env.TEMP_PASSWORD;
    const expectedPassword = process.env.SITE_PASSWORD;
    const testPassword = process.env.PASSWORD;
    if (password === tempPassword || password === expectedPassword || password === testPassword) {
      return {
        statusCode: 200,
        body: JSON.stringify({ message: 'Password is correct' }),
    } else {
      return {
        statusCode: 401,
        body: JSON.stringify({ error: 'Unauthorized' }),

The only one that works is the SITE_PASSWORD/expectedPassword. I do not understand why the others do not work. I have checked all env variables are spelt correctly and the values are correct. I have tried console.log() to check on the event.body and environmental variables but they are not appearing in the logs.

Any insight would be greatly appreciated.

They’re all set correctly in Netlify’s Site Configuration => Environment Variables console?

It could be hard comparison, === instead of ==, hard comparison compares the memory address of the objects passed, so if the memory addresses are the same, the values must be the same, in a testing environment with the code:

import dotenv from "dotenv";
dotenv.config(); // require .env variables

const password = 12345; // password same as PASSWORD in .env

console.log(password == process.env.PASSWORD);

true is logged,


console.log(password === process.env.PASSWORD);

logs false, if the config and everything is set up correctly that would be my best guess as to what’s happening.

Thank you so much for your response. I have troubleshooted a bit more and think I discovered the problem. I have been modifying my serverless function and pushing the changes to my git repo. The changes are reflected in my git repo, but when netlify builds and deploys my site, it keeps using an old version of my serverless function which includes only the SITE_PASSWORD variable.

I’ve tried clearing the build cache and redeploying manually, but every time it does not update the severless function.

Any idea what the issue might be and how I might resolve? I appreciate your time again, thank you

Aye of course, check to ensure that your site config => env variables has each variable set, something like this (CMD/CTRL click to open in new tab), also make sure that the environment variables are set for all contexts for the build. After ensuring both of those, try to clear the cache and redeploy. I’ve never run into an issue where my envs weren’t being set as long as the variable is set for all contexts, and in my testing if I add the env variable it generally auto redeploys. If you could upload the files to a github repo or drop the link to the site that could also be helpful for troubleshooting if those steps don’t work. My guess is still === rather than == if everything is set correctly, however if I were able to get the repo/published site that’d be very helpful to actually be able to investigate if anything is going on in the network tab or console or anything else. You’ll get it figured out but if I could have a deeper look that’d be very helpful to actually be able to offer some insight that will fix it, not just guessing what could be wrong.

Mainly, just ensure the variables are set, and make sure that the usage is all scopes, along with the value being the same in all contexts. If you have a free account it should be limited to all scopes, but ensure that in every deploy context the variables are being included