DEV Community

Discussion on: You are reading environment variables the wrong way in Next.js

Collapse
fenntasy profile image
Vincent Billey

There exists some drawback to this approach though: if you want to package your app in a docker container, that would mean you need your API_KEY at build time in the docker environment and this is a known vulnerability because you would store your API key in the docker layers and it could be accessed within the docker image.

I'm not saying your method is not a good idea (it is) but it shouldn't be so absolute either as it can backfire at you.

Collapse
yatki profile image
Mehmet Yatkı • Edited on

Not really right, because your application won't be run inside the docker until you run the image. You'd provide the environment variables with docker run command or with a docker-compose file. So there wouldn't be any problems during the build 🖖

Collapse
fenntasy profile image
Vincent Billey

Yes, sorry, it will only happen if you run the build command when building your docker container.