Risk of exposing environment variables in netlify.toml

unique_ptr · January 15, 2022, 11:26am

Hi, my question is very straightfoward, Is it dangerous to put some env variable value directly into the netlify.toml file?, like, for instance:

Having the env variable:
(Using Site settings > Build & deploy > Environment > Environment variables)
ACCESS_TOKEN = "ENV-VAR-VALUE"
Having the following within netlify.toml:

[redirects.headers]
    X-From = "Netlify"
    X-Api-Key ="ENV-VAR-VALUE"

hrishikesh · January 16, 2022, 12:22pm

Yes for public repos, not for private. As long as you don’t share your TOML file (similar case to as the .env file), you’re good.

Topic		Replies	Views
GitHub Secrets in netlify.toml Support git , github-actions , netlify-newbie , security	1	905	October 8, 2022
Is there any way for functions to use netlify.toml env vars? Support lambda-functions	1	379	April 17, 2022
[Support Guide] Using environment variables on Netlify correctly Support Guides environment-vars , support-guide	117	79261	November 15, 2024
How to hide environment variable in a file base configuration Support environment-vars	3	3060	June 10, 2020
Netlify Functions and Env Variables from netlify.toml Support lambda-functions , environment-vars	23	16656	April 1, 2022