I’m building a React app which will have a simple auth flow via a Netlify function/lambda.
The lambda will need a secret token, which I was going to supply via environment variable. Obviously I need the env var to be readable by the lambda, and NOT anywhere on the frontend or anywhere public. Ideally it wouldn’t even be present when building the frontend app, but so far everything I’ve read indicates that all env vars are present during both build and lambda runtime. I can live with that.
Anyway, I was happily defining my env vars through the Netlify web app, when I noticed a little badge on the right-hand side, next to each variable, that says “Public”. What does that mean? Is it safe for me to define secrets here or will they be publicly visible somehow? See screenshot below:
Related, the docs here talk about settings for sensitive variables, but I can’t find any such settings in the Netlify app. Which is weird.
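
A post-build check for the concern raised in this question (a function-only secret that is also present in the build environment and must not end up in the frontend), added here as an example and not part of the original post. It searches built files for the secret's value in raw, base64, hex and URL-encoded form; the variable name `SECRET_TOKEN`, the function name `auth`, and the file paths and contents are constructed assumptions.

```javascript
// Added example: look for a server-only secret inside built frontend files.
// All names, paths and values below are constructed for illustration.

// Forms in which a bundler or hand-written code might embed the value.
function encodedForms(secret) {
  const bytes = Buffer.from(secret, "utf8");
  return new Map([
    ["raw", secret],
    ["base64", bytes.toString("base64")],
    ["hex", bytes.toString("hex")],
    ["url-encoded", encodeURIComponent(secret)],
  ]);
}

// files:   { path: file text }      (contents of the publish directory)
// secrets: { VARIABLE_NAME: value } (values that must stay server-side)
// Returns one finding per (variable, encoding, file) match.
function findSecretLeaks(files, secrets) {
  const findings = [];
  for (const [variable, value] of Object.entries(secrets)) {
    // Skip unset or very short values: they would match by accident.
    if (!value || value.length < 8) continue;
    const seen = new Set();
    for (const [encoding, needle] of encodedForms(value)) {
      if (seen.has(needle)) continue; // e.g. url-encoded identical to raw
      seen.add(needle);
      for (const [path, text] of Object.entries(files)) {
        const offset = text.indexOf(needle);
        if (offset !== -1) findings.push({ variable, encoding, path, offset });
      }
    }
  }
  return findings;
}

// Constructed sample: one clean bundle, one with the raw value, one base64.
const sampleSecrets = { SECRET_TOKEN: "s3cr3t+token/value=42" };
const sampleFiles = {
  "build/static/js/main.js":
    'fetch("/.netlify/functions/auth",{method:"POST"})',
  "build/static/js/leaky.js": 'const t="s3cr3t+token/value=42";',
  "build/static/js/encoded.js":
    'const t=atob("' +
    Buffer.from(sampleSecrets.SECRET_TOKEN).toString("base64") + '");',
};

for (const f of findSecretLeaks(sampleFiles, sampleSecrets)) {
  console.log(`${f.variable} found (${f.encoding}) in ${f.path} at ${f.offset}`);
}
```

A check like this can run as the last step of the build command, failing the deploy when the list of findings is not empty.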