2 min read

Sensitive Environment Variables

Environment variables that cannot be decrypted once created.
Table of Contents

Sensitive environment variables are environment variables whose values are non-readable once created. They help protect sensitive information stored in environment variables, such as API keys.

When you mark an existing environment variable as sensitive, Vercel converts it to a non-readable format. This is only possible for environment variables in the Production and Preview environments.

Both project environment variables and shared environment variables can be marked as sensitive.

  • Development environment variables cannot be made sensitive. Therefore, all environment variables that only exist in the development environment are ignored
  • All environment variables with Preview, Production, or both environments are converted to the sensitive format
  • If your environment variables exist in the development environment and in at least one other environment (Preview or Production or both), the following happens:
    • The existing environment variable is updated to exclude the development environment and convert it to the sensitive format
    • A new standard environment variable is created with the same name but set to the development environment

Go to the Environment Variables section of the Project or Team settings.

  • Click the checkbox "Create these environment variables with sensitive values"
  • Choose the environment and then add a key and a value
  • Click "Save" to create the sensitive environment variables In the environment variable table, sensitive environment variables are marked with a "Sensitive" tag.

Create a new sensitive environment variable from your Team or Project settings.

Sensitive environment variables labeled with a "Sensitive" tag on the dashboard.

You can only create a sensitive environment variables in the Preview and Production environments.

You can edit the environment for a sensitive environment variable.

  • Click Edit from the three-dot menu in the environment variables list
  • Select the environment(s) for the sensitive environment variable After making the change, click the Save button.

You cannot edit the key or value of a sensitive environment variable.

Users with the owner role can set a team-wide environment variable policy when creating environment variables. Once enabled, all newly created environment variables in the Production and/or Preview environments will be sensitive environment variables. From the dashboard, go to your team's Settings > Security to enable the policy.

Set environment variable policy from your team's Security settings.

Last updated on June 15, 2024