The Big Idea
What if your app's secret keys were accidentally shared with the whole world? Here's how to prevent that.
0
0
Why Environment variables and secrets in Supabase? - Purpose & Use Cases
The Scenario
Imagine you have to set up your app on multiple computers by typing passwords and keys every time you start it.
You write them down in your code or share them in chat messages.
It feels like leaving your house keys under the doormat for everyone to find.
The Problem
Manually typing or storing secrets in code is slow and risky.
You might mistype a password or accidentally share it with others.
Changing a secret means updating many places, which is tiring and error-prone.
The Solution
Environment variables and secrets let you store sensitive info safely outside your code.
Your app reads them automatically when it runs, so you never expose passwords in your files.
This keeps your secrets safe and makes updates easy.
Before vs After
✗ Before
const apiKey = 'my-secret-key'; // hardcoded in code
✓ After
const apiKey = process.env.API_KEY; // loaded from environment variablesWhat It Enables
You can safely manage and update sensitive data without touching your code, making your app more secure and flexible.
Real Life Example
A developer deploys a Supabase app and sets the database password as a secret in the environment.
When the password changes, they update it once in the environment, and the app keeps working without code changes.
Key Takeaways
Manual secret handling risks leaks and mistakes.
Environment variables keep secrets safe outside code.
They simplify updates and improve security.