Secrets manager failing build?

Kael_Broersma · March 12, 2025, 3:18am

Hello, I am currently building a website on bolt.new, exporting to github and deploying through netlify so I can use functions, etc.

I have all of my env variables set through netlify- none in my code. I have attempted any env processing calls to netlify functions, however, my API keys are still being leaked into my build folder.

Even API keys that I do not have set to be processed inside of my code is being logged into my dist/assets html files.

Basically, every env file I have configured as a secret is being published to my build… even though I don’t reference a few of them. Why is this?

Thank you.

Kael_Broersma · March 12, 2025, 4:07am

Update; I have figured out that it was leaking them as my ENV files had the prefix “VITE_”

However, now it is only the env variables that are processed within my code that is leaked. Help! Lol.

Kael_Broersma · March 12, 2025, 4:48am

SOLVED!

For users experiencing this issue- first, view my above text.
Secondly, ensure that you are not using process.env in any file in your front-end code.
Pass every instance where you must use your secret credentials to your netlify functions

Saying this now, I feel braindead. But a few overlooked files in a large project will completely throw your security off!

Cheers!

Topic		Replies	Views
Why are my env key not hidden in dev mode? Support environment-vars	4	2317	June 19, 2020
Cannot find file './secrets.json' in './src' Support	10	3371	September 23, 2019
Created A Post That Doesn't Show Up Under "My Posts", Not Sure Why But Still Need Help Support deployment , lambda-functions , environment-vars	1	440	December 18, 2022
GitHub Secrets in netlify.toml Support git , github-actions , netlify-newbie , security	1	937	October 8, 2022
Introducing Secrets Controller! Updates updates	6	740	April 17, 2024

Secrets manager failing build?

Related topics