Comment by aziaziazi
1 day ago
The “sensitive” toggle is off by default. I’m curious about the rationale: what's the benefit of this default for users and/or Vercel?
https://vercel.com/docs/environment-variables/sensitive-envi...
Simpler for vibe coders.
OK, but it's not the original intent: that default has existed since at least 2020: https://web.archive.org/web/20201130022511/https://vercel.co...
Sensitive environment variables are environment variables whose values are non-readable once created.
So they are harder to introspect and review once set.
It’s probably good practice to put non-secret-material in non-sensitive variables.
(Pure speculation, I’ve never used Vercel)
I have used Vercel, though I prefer other hosts.
There are cases where I want env variables to be considered non-secure and fine to be read later; I have one in a current project that defines the email address used as the From address for automated emails, for example.
In my opinion the lack of security should be opt-in rather than opt-out though. Meaning it should be considered secure by default with an option to make it readable.