Risk of exposing environment variables in netlify.toml

Hi, my question is very straightfoward, Is it dangerous to put some env variable value directly into the netlify.toml file?, like, for instance:

  • Having the env variable:
    (Using Site settings > Build & deploy > Environment > Environment variables)

  • Having the following within netlify.toml:

    X-From = "Netlify"
    X-Api-Key ="ENV-VAR-VALUE"

Yes for public repos, not for private. As long as you don’t share your TOML file (similar case to as the .env file), you’re good.

1 Like