DEV Community: larskarbo The latest articles on DEV Community by larskarbo (@larskarbo). https://dev.to/larskarbo https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F22266%2F09b31690-17d2-4588-ae3e-9832daad5a3b.jpeg DEV Community: larskarbo https://dev.to/larskarbo en How to work around Vercel's 4kb environment restriction larskarbo Fri, 24 Jun 2022 12:16:03 +0000 https://dev.to/larskarbo/how-to-work-around-vercels-4kb-environment-restriction-gm4 https://dev.to/larskarbo/how-to-work-around-vercels-4kb-environment-restriction-gm4 <p>At Layer3 we run our whole platform in a full-stack beautifully orchestrated environment on Vercel. All server-side and client-side code is written in TypeScript and share many of the modules and types.</p> <p>Everything was going well, until one day…</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6miwTRpT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/baf950equ6iom00yhpys.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6miwTRpT--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/baf950equ6iom00yhpys.png" alt="Image description" width="736" height="476"></a> </p> <p>Vercel has a 4kb environment variable limit. It is caused by the underlying AWS Lambda infrastructure, but whereas AWS has some solutions for proper secret management, Vercel basically says you need to <a href="https://vercel.com/support/articles/how-do-i-workaround-vercel-s-4-kb-environment-variables-limit">roll your own</a>.</p> <p>At this time, there are so many pros of being on a platform like Vercel, and we save so much time by not having to set up complex cloud infrastructure on AWS.</p> <p>So we decided to fix this.</p> <p>Our solution focused on two things:</p> <ul> <li>Secure management and deployment of secrets in preview and production</li> <li>Keep the excellent dev experience of pulling development keys to local environments</li> </ul> <p>Check out the example repository here: <a href="https://github.com/larskarbo/next-env-encrypt-decrypt/blob/main/README.md">larskarbo/next-env-encrypt-decrypt</a></p> <h2> Meet Doppler — an environment manager </h2> <p>Doppler is a service that specializes on environment variable management. It sounded perfect for our usecase, they even have a Vercel integration!</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--eQiWVnHr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/b228g0ttalei9153m7sd.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--eQiWVnHr--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/b228g0ttalei9153m7sd.png" alt="Image description" width="880" height="634"></a></p> <p>However, we quickly realized that even though Doppler has a Vercel integration, it doesn’t help the 4kb problem at all. It actually just — kind of <em>contributes</em> to it... By adding more <code>DOPPLER_</code> variables.</p> <p>However, the Doppler interface and API is amazing, and we figured it we could make a working solution with some hacking.</p> <h2> Fetching secrets from Doppler instead of Vercel </h2> <p>Once you add all your environment variables on Doppler instead of Vercel, you can work around the 4kb restriction pretty easily by fetching secrets from Doppler instead of Vercel.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--GNm4FhQb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/eql4i1v99mjft4qznlxz.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--GNm4FhQb--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/eql4i1v99mjft4qznlxz.png" alt="Image description" width="880" height="418"></a></p> <p>The only environment variable you need on Vercel is a <em>Doppler token</em>. The easiest way to add tokens for <code>development</code>, <code>preview</code> and <code>production</code> is to have both Vercel CLI and Doppler CLI installed and generate three different keys from the terminal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">echo</span> <span class="nt">-n</span> <span class="s2">"</span><span class="si">$(</span>doppler configs tokens create vercel-gitops <span class="nt">--config</span> dev <span class="nt">--plain</span><span class="si">)</span><span class="s2">"</span> | vercel <span class="nb">env </span>add DOPPLER_TOKEN development <span class="nb">echo</span> <span class="nt">-n</span> <span class="s2">"</span><span class="si">$(</span>doppler configs tokens create vercel-gitops <span class="nt">--config</span> stg <span class="nt">--plain</span><span class="si">)</span><span class="s2">"</span> | vercel <span class="nb">env </span>add DOPPLER_TOKEN preview <span class="nb">echo</span> <span class="nt">-n</span> <span class="s2">"</span><span class="si">$(</span>doppler configs tokens create vercel-gitops <span class="nt">--config</span> prd <span class="nt">--plain</span><span class="si">)</span><span class="s2">"</span> | vercel <span class="nb">env </span>add DOPPLER_TOKEN production </code></pre> </div> <p>We’ll then make a script <code>fetchSecrets.ts</code> that fetches these variables at build time and writes them to <code>.env</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="nx">fs</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">fs/promises</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">secrets</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@larskarbo/gitops-secrets</span><span class="dl">"</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">main</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">secrets</span><span class="p">.</span><span class="nx">providers</span><span class="p">.</span><span class="nx">doppler</span><span class="p">.</span><span class="nx">fetch</span><span class="p">();</span> <span class="kd">let</span> <span class="nx">envFile</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="nb">Object</span><span class="p">.</span><span class="nx">entries</span><span class="p">({</span> <span class="p">...</span><span class="nx">payload</span><span class="p">,</span> <span class="p">}).</span><span class="nx">forEach</span><span class="p">(([</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">])</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">envFile</span> <span class="o">+=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">key</span><span class="p">}</span><span class="s2">=</span><span class="p">${</span><span class="nx">value</span><span class="p">}</span><span class="s2">\n`</span><span class="p">;</span> <span class="p">});</span> <span class="nx">envFile</span> <span class="o">+=</span> <span class="s2">`DOPPLER_TOKEN=</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DOPPLER_TOKEN</span><span class="p">}</span><span class="s2">\n`</span><span class="p">;</span> <span class="k">await</span> <span class="nx">fs</span><span class="p">.</span><span class="nx">writeFile</span><span class="p">(</span><span class="dl">"</span><span class="s2">.env</span><span class="dl">"</span><span class="p">,</span> <span class="nx">envFile</span><span class="p">);</span> <span class="p">}</span> <span class="k">void</span> <span class="nx">main</span><span class="p">();</span> </code></pre> </div> <p>Changes in package.json:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="err">...</span><span class="w"> </span><span class="nl">"build"</span><span class="p">:</span><span class="w"> </span><span class="s2">"npm run fetch-secrets &amp;&amp; nextjs build"</span><span class="p">,</span><span class="w"> </span><span class="nl">"fetch-secrets"</span><span class="p">:</span><span class="w"> </span><span class="s2">"ts-node fetchSecrets.ts"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Yes, that's all you need.</p> <p>In development, you’ll simply run <code>npm run fetch-env</code>. This flow doesn’t add a lot of moving parts and it feels very similar to the <code>vercel env pull</code> workflow.</p> <h2> Taking it a step further with encrypted secrets </h2> <p>Now that we are rolling our own secrets management, why not take it a step further and improve the security?</p> <p>The current environment variable setup <a href="https://diogomonica.com/2017/03/27/why-you-shouldnt-use-env-variables-for-secret-data/">can be a security risk</a>. A rogue npm package could <a href="https://youtu.be/jUhiPj6h_L8?t=795">dump all the freely available</a> <code>process.env</code> variables and send it to a remote server. And remember, this could be the dependency of one of your dependencies too. Most npm apps have a boatload of dependencies when you look at the dependency tree, so the surface risk area might be bigger than you think.</p> <p>Our goal will be to create a system where:</p> <ul> <li>Secrets are always encrypted, both in transit and at rest.</li> <li>Secrets are difficult to unintentionally leak when consumed by the final application.</li> </ul> <p>Many platforms have sophisticated solutions for this, like <a href="https://aws.amazon.com/kms/">AWS KMS</a> and <a href="https://docs.docker.com/engine/swarm/secrets/">Docker Secrets</a>. The idea is that these tools hold the secret in encrypted form and provides it to the application at runtime. </p> <p>We’ll solve this in a simple and custom way, with some unique considerations:</p> <ul> <li>We need <code>NEXT_PUBLIC_</code> variables to be available in the environment.</li> <li>We want to be able to override secrets with <code>.env.local</code> for our local dev environments.</li> </ul> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--6EQNdQvf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rkl8kuksd0r80m4bdira.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--6EQNdQvf--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/rkl8kuksd0r80m4bdira.png" alt="Image description" width="880" height="622"></a></p> <p>Building on the Doppler setup, we'll add another environment variable to Vercel, <code>SECRETS_KEY</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>gen_key <span class="o">()</span> <span class="o">{</span> openssl rand <span class="nt">-base64</span> 32 <span class="o">}</span> gen_key | vercel <span class="nb">env </span>add SECRETS_KEY development gen_key | vercel <span class="nb">env </span>add SECRETS_KEY preview gen_key | vercel <span class="nb">env </span>add SECRETS_KEY production </code></pre> </div> <p>Now we’ll make some changes to our <code>fetch-secrets.ts</code> script.</p> <p>It needs to:</p> <ol> <li>Fetch secrets from doppler.</li> <li>Write all <code>NEXT_PUBLIC_</code> vars to <code>.env</code> </li> <li>Write all other secrets to a special file <code>.encrypted-secrets</code> </li> </ol> <p>Commit this file into git like this, and <em>then</em> add it to <code>.gitignore</code>. This allows us to run the app without depending on the generated file.</p> <p>Our super-charged <code>fetch-secrets.ts</code> looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="k">import</span> <span class="nx">Cryptr</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">cryptr</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">fs</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">fs/promises</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">gitopsSecrets</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">@larskarbo/gitops-secrets</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ENCRYPTED_SECRETS_FILE</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">../src/utils</span><span class="dl">"</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nx">main</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">payload</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">gitopsSecrets</span><span class="p">.</span><span class="nx">providers</span><span class="p">.</span><span class="nx">doppler</span><span class="p">.</span><span class="nx">fetch</span><span class="p">();</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SECRETS_KEY</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nb">Error</span><span class="p">(</span><span class="dl">"</span><span class="s2">SECRETS_KEY is not set</span><span class="dl">"</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">cryptr</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Cryptr</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SECRETS_KEY</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">encryptedText</span> <span class="o">=</span> <span class="nx">cryptr</span><span class="p">.</span><span class="nx">encrypt</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nx">stringify</span><span class="p">(</span><span class="nx">payload</span><span class="p">));</span> <span class="k">await</span> <span class="nx">fs</span><span class="p">.</span><span class="nx">writeFile</span><span class="p">(</span><span class="nx">ENCRYPTED_SECRETS_FILE</span><span class="p">,</span> <span class="nx">encryptedText</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">envFile</span> <span class="o">=</span> <span class="dl">""</span><span class="p">;</span> <span class="nb">Object</span><span class="p">.</span><span class="nx">entries</span><span class="p">({</span> <span class="p">...</span><span class="nx">payload</span><span class="p">,</span> <span class="p">})</span> <span class="p">.</span><span class="nx">filter</span><span class="p">(([</span><span class="nx">key</span><span class="p">])</span> <span class="o">=&gt;</span> <span class="nx">key</span><span class="p">.</span><span class="nx">startsWith</span><span class="p">(</span><span class="dl">"</span><span class="s2">NEXT_PUBLIC_</span><span class="dl">"</span><span class="p">))</span> <span class="p">.</span><span class="nx">forEach</span><span class="p">(([</span><span class="nx">key</span><span class="p">,</span> <span class="nx">value</span><span class="p">])</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">envFile</span> <span class="o">+=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">key</span><span class="p">}</span><span class="s2">=</span><span class="p">${</span><span class="nx">value</span><span class="p">}</span><span class="s2">\n`</span><span class="p">;</span> <span class="p">});</span> <span class="nx">envFile</span> <span class="o">+=</span> <span class="s2">`DOPPLER_TOKEN=</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">DOPPLER_TOKEN</span><span class="p">}</span><span class="s2">\n`</span><span class="p">;</span> <span class="nx">envFile</span> <span class="o">+=</span> <span class="s2">`SECRETS_KEY=</span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SECRETS_KEY</span><span class="p">}</span><span class="s2">\n`</span><span class="p">;</span> <span class="k">await</span> <span class="nx">fs</span><span class="p">.</span><span class="nx">writeFile</span><span class="p">(</span><span class="dl">"</span><span class="s2">.env</span><span class="dl">"</span><span class="p">,</span> <span class="nx">envFile</span><span class="p">);</span> <span class="p">}</span> <span class="k">void</span> <span class="nx">main</span><span class="p">();</span> </code></pre> </div> <p>Then we need to decrypt the secrets in the runtime code. We'll make a helper function for this.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="kd">let</span> <span class="nx">decryptedSecrets</span><span class="p">:</span> <span class="kc">null</span> <span class="o">|</span> <span class="p">{</span> <span class="p">[</span><span class="na">key</span><span class="p">:</span> <span class="kr">string</span><span class="p">]:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">readFileSync</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">fs</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">Cryptr</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">cryptr</span><span class="dl">"</span><span class="p">;</span> <span class="k">import</span> <span class="nx">path</span> <span class="k">from</span> <span class="dl">"</span><span class="s2">path</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">ENCRYPTED_SECRETS_FILE</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">.encrypted-secrets</span><span class="dl">"</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">getSecret</span> <span class="o">=</span> <span class="p">(</span><span class="nx">key</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// in case you have some overrides in `.env.local`</span> <span class="k">if</span> <span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NODE_ENV</span> <span class="o">===</span> <span class="dl">"</span><span class="s2">development</span><span class="dl">"</span> <span class="o">&amp;&amp;</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">[</span><span class="nx">key</span><span class="p">])</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">[</span><span class="nx">key</span><span class="p">];</span> <span class="p">}</span> <span class="c1">// only decrypt secrets the first time</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">decryptedSecrets</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SECRETS_KEY</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">undefined</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">encryptedSecrets</span> <span class="o">=</span> <span class="nx">readFileSync</span><span class="p">(</span> <span class="nx">path</span><span class="p">.</span><span class="nx">join</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">cwd</span><span class="p">(),</span> <span class="nx">ENCRYPTED_SECRETS_FILE</span><span class="p">),</span> <span class="dl">"</span><span class="s2">utf8</span><span class="dl">"</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">cryptr</span> <span class="o">=</span> <span class="k">new</span> <span class="nx">Cryptr</span><span class="p">(</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SECRETS_KEY</span><span class="p">);</span> <span class="nx">decryptedSecrets</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nx">parse</span><span class="p">(</span><span class="nx">cryptr</span><span class="p">.</span><span class="nx">decrypt</span><span class="p">(</span><span class="nx">encryptedSecrets</span><span class="p">));</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">decryptedSecrets</span><span class="p">?.[</span><span class="nx">key</span><span class="p">];</span> <span class="p">};</span> </code></pre> </div> <p>Voila! Now you can use the secrets anywhere in your app like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight tsx"><code><span class="c1">// back-end</span> <span class="kd">const</span> <span class="nx">apiKey</span> <span class="o">=</span> <span class="nx">getSecret</span><span class="p">(</span><span class="dl">"</span><span class="s2">API_KEY</span><span class="dl">"</span><span class="p">)</span> <span class="c1">// front-end</span> <span class="kd">const</span> <span class="nx">somePublicKey</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">NEXT_PUBLIC_KEY</span> </code></pre> </div> <p>Check out the working demo here: (<a href="https://next-env-encrypt-decrypt.vercel.app/">link</a>, <a href="https://github.com/larskarbo/next-env-encrypt-decrypt">github repo</a>).</p> <h2> Conclusion </h2> <p>Vercel may have a 4kb environment restriction, but with some creative engineering, you might end up with a system that is more developer-friendly and secure than before.</p> <p>This approach might be right if you are an early stage startup. When you get bigger, and have stricter requirements to managing confidential stuff, you’ll probably end up with a more complex cloud orchestrated infrastructure.</p> <p>At Layer3, we use Vercel and Doppler to move fast. If you enjoyed this post and love the idea of building new types of applications that take advantage of the decentralised web, you should <a href="https://www.notion.so/Open-Roles-c7edc26d9c314721a058b2ffc7b711b9">join our team</a>!</p> The three Phases of Creating Useful Stuff on the Web larskarbo Sat, 31 Oct 2020 10:45:36 +0000 https://dev.to/larskarbo/the-three-phases-of-creating-useful-stuff-on-the-web-1hoh https://dev.to/larskarbo/the-three-phases-of-creating-useful-stuff-on-the-web-1hoh <p>This model will make you more successful at creating useful stuff on the web.</p> <p>It is simple and easy to understand.</p> <h2> The three Phases </h2> <p>I have <em>a lot</em> of failed projects that never got out of phase one (at least 150), I have some things that I released, but never took it further. And I have a few successful projects.</p> <blockquote> <p>I have <em>a lot</em> of failed projects that never got out of phase one</p> </blockquote> <p>By recognizing these phases and thinking rationally about them we will become better at creating <strong>successful projects</strong>.</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--aSyse6v3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/4q9chqvok3qo1bvcuh8e.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--aSyse6v3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/4q9chqvok3qo1bvcuh8e.png" alt="Three phases"></a></p> <h3> Phase 1: Building </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--uNUY87vV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uobm9vjhagk95qeakdcp.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--uNUY87vV--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/uobm9vjhagk95qeakdcp.png" alt="me building a random idea I got"></a></p> <p>This is the phase where you start coding the project.</p> <p>You have this amazing idea. Maybe you think you'll be able to finish it quickly.</p> <p>You make a github repo and things start to take form.</p> <p>If you release it, big or small, you go on to <strong>phase two ↓</strong>.</p> <h3> Phase 2: Releasing </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--keygATN3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/0mt6h672u2emret2bwi1.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--keygATN3--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/0mt6h672u2emret2bwi1.png" alt="me posting to producthunt"></a></p> <p>You'll stay in phase two as long as you are still releasing and improving.</p> <p>Some marketing and outreach might be necessary in this phase.</p> <p>When you start getting traction and people start to use your product, you move on to <strong>phase 3 ↓</strong>.</p> <h3> Phase 3: Traction </h3> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--HcgXuEvt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/i91uxzw2vc6qfl4yw23t.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--HcgXuEvt--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/i/i91uxzw2vc6qfl4yw23t.png" alt="me showing google analytics"></a><br> Congratulations! You made something that is usable and valuable for people!</p> <p>From here you can leave it, continue to work on it or start monetizing it.</p> <h2> Common pitfall #1: Never releasing </h2> <p>This is the most common pitfall.</p> <p>You start building something, never get to the point where you can share it.</p> <p>Sometimes, it is ok. If your idea wasn't that good anyways.</p> <blockquote> <p>Think small, and minimum viable product, to quickly move on to phase 2</p> </blockquote> <h2> Common pitfall #2: Lose motivation after first release </h2> <p>I <em>love</em> building and shipping new things. Sometimes I get extremely motivated in the beginnings.</p> <p>The next step is harder. The step to take the creation and make it into something better. It requires iteration and hard work, and doesn't give you instant gratification.</p> <p>The idea didn't <em>take off</em>, and you are unsure whether it's any point in continuing.</p> <p>I think it is important to learn that it might take more work before you find traction.</p> <blockquote> <p>Your <strong>motivation</strong> is a bad indicator of whether you should work on something or not.</p> </blockquote> <h2> A note about business. </h2> <p>You are probably thinking of something that is missing.</p> <p>What about <em>validation</em> before building anything? What about <em>monetizing</em> and <em>scaling</em>?</p> <p>This model is solely based on the <em>build</em> aspect. It doesn't mean the business parts aren't important. Because they are.</p> <blockquote> <p>Business parts are important, but not included in this model</p> </blockquote> <h2> Conclusion </h2> <p>Recognize the phases and the common pitfalls and you will have an easier time building useful stuff on the web.</p> <p>Make sure to share this with anyone you think would like to hear it!</p> <p>Which phase do your projects usually end up in? Let me know in the comments.</p> web indiehacking strategy