Risk of exposing environment variables in netlify.toml

Hi, my question is very straightforward: is it dangerous to put some env variable value directly into the netlify.toml file? Like, for instance:

  • Having the env variable:
    (Using Site settings > Build & deploy > Environment > Environment variables)
    ACCESS_TOKEN = "ENV-VAR-VALUE"

  • Having the following within netlify.toml:

[redirects.headers]
    X-From = "Netlify"
    X-Api-Key = "ENV-VAR-VALUE"

Yes for public repos, not for private. As long as you don’t share your TOML file (similar to the case of the .env file), you’re good.
