upvote

points

by btown5 hours ago |
comments
upvoteby aziaziazi4 hours ago|
next
[-]
The “sensitive” toggle is off by default. I’m curious about the rationale, what's the benefit of this default for users and/or Vercel?

https://vercel.com/docs/environment-variables/sensitive-envi...

reply
upvoteby loloquwowndueo3 hours ago|
parent|
next
[-]
Sensitive environment variables are environment variables whose values are non-readable once created.

So they are harder to introspect and review once set.

It’s probably good practice to put non-secret-material in non-sensitive variables.

(Pure speculation, I’ve never used Vercel)

reply
upvoteby _heimdall3 hours ago|
parent|
[-]
I have used Vercel though prefer other hosts.

There are cases where I want env variables to be considered non-secure and fine to be read later, I have one in a current project that defines the email address used as the From address for automated emails for example.

In my opinion the lack of security should be opt-in rather than opt-out though. Meaning it should be considered secure by default with an option to make it readable.

reply
upvoteby throw031720193 hours ago|
parent|
prev|
[-]
Simpler for vibe coders.
reply
upvoteby jtchang3 hours ago|
prev|
[-]
How does the app read the variable if it can't be read after you input it? Or do they mean you can't view it after providing the variable value to the UI?
reply
upvoteby ctmnt59 minutes ago|
parent|
[-]
They mean the latter. Very unclear how that translates to meaningful security.
reply