Sensitive Environment Variables
Environment variables that cannot be decrypted once created.Sensitive environment variables are environment variables whose values are non-readable once created. They help protect sensitive information stored in environment variables, such as API keys.
When you mark an existing environment variable as sensitive, Vercel converts it to a non-readable format. This is only possible for environment variables in the Production and Preview environments.
Both project environment variables and shared environment variables can be marked as sensitive.
- Development environment variables cannot be made sensitive. Therefore, all environment variables that only exist in the development environment are ignored
- All environment variables with Preview, Production, or both environments are converted to the sensitive format
- If your environment variables exist in the development environment and in at least one other environment (Preview or Production or both), the following happens:
- The existing environment variable is updated to exclude the development environment and convert it to the sensitive format
- A new standard environment variable is created with the same name but set to the development environment
Go to the Environment Variables section of the Project or Team settings.
- Click the checkbox "Create these environment variables with sensitive values"
- Choose the environment and then add a key and a value
- Click "Save" to create the sensitive environment variables In the environment variable table, sensitive environment variables are marked with a "Sensitive" tag.
![](/_next/image?url=https%3A%2F%2Fassets.vercel.com%2Fimage%2Fupload%2Fv1689795055%2Fdocs-assets%2Fstatic%2Fdocs%2Fconcepts%2Fprojects%2Fenvironment-variables%2Fsensitive-env-vars-light.png&w=1920&q=75&dpl=dpl_E2GZsUUM4EyvuYCes3krYpYUWFdo)
![](/_next/image?url=https%3A%2F%2Fassets.vercel.com%2Fimage%2Fupload%2Fv1689795055%2Fdocs-assets%2Fstatic%2Fdocs%2Fconcepts%2Fprojects%2Fenvironment-variables%2Fsensitive-env-vars-dark.png&w=1920&q=75&dpl=dpl_E2GZsUUM4EyvuYCes3krYpYUWFdo)
Create a new sensitive environment variable from your Team or Project settings.
![](/_next/image?url=https%3A%2F%2Fassets.vercel.com%2Fimage%2Fupload%2Fv1689795055%2Fdocs-assets%2Fstatic%2Fdocs%2Fconcepts%2Fprojects%2Fenvironment-variables%2Flisted-sev.png&w=3840&q=75&dpl=dpl_E2GZsUUM4EyvuYCes3krYpYUWFdo)
![](/_next/image?url=https%3A%2F%2Fassets.vercel.com%2Fimage%2Fupload%2Fv1689795055%2Fdocs-assets%2Fstatic%2Fdocs%2Fconcepts%2Fprojects%2Fenvironment-variables%2Flisted-sev-dark.png&w=3840&q=75&dpl=dpl_E2GZsUUM4EyvuYCes3krYpYUWFdo)
Sensitive environment variables labeled with a "Sensitive" tag on the dashboard.
You can only create a sensitive environment variables in the Preview and Production environments.
You can edit the environment for a sensitive environment variable.
- Click Edit from the three-dot menu in the environment variables list
- Select the environment(s) for the sensitive environment variable After making the change, click the Save button.
You cannot edit the key or value of a sensitive environment variable.
Users with the owner role can set a team-wide environment variable policy when creating environment variables. Once enabled, all newly created environment variables in the Production and/or Preview environments will be sensitive environment variables. From the dashboard, go to your team's Settings > Security to enable the policy.
![](/_next/image?url=https%3A%2F%2Fassets.vercel.com%2Fimage%2Fupload%2Fv1689795055%2Fdocs-assets%2Fstatic%2Fdocs%2Fconcepts%2Fprojects%2Fenvironment-variables%2Fenv-var-policies-2.png&w=1920&q=75&dpl=dpl_E2GZsUUM4EyvuYCes3krYpYUWFdo)
![](/_next/image?url=https%3A%2F%2Fassets.vercel.com%2Fimage%2Fupload%2Fv1689795055%2Fdocs-assets%2Fstatic%2Fdocs%2Fconcepts%2Fprojects%2Fenvironment-variables%2Fenv-var-policies-dark-2.png&w=1920&q=75&dpl=dpl_E2GZsUUM4EyvuYCes3krYpYUWFdo)
Set environment variable policy from your team's Security settings.
Was this helpful?