Home
Support Forums

Risk of exposing environment variables in netlify.toml

Hi, my question is very straightfoward, Is it dangerous to put some env variable value directly into the netlify.toml file?, like, for instance:

  • Having the env variable:
    (Using Site settings > Build & deploy > Environment > Environment variables)
    ACCESS_TOKEN = "ENV-VAR-VALUE"

  • Having the following within netlify.toml:

[redirects.headers]
    X-From = "Netlify"
    X-Api-Key ="ENV-VAR-VALUE"

Yes for public repos, not for private. As long as you don’t share your TOML file (similar case to as the .env file), you’re good.

1 Like