Environment variables
Twofold applications use environment variables to manage settings that change between development and production environments.
Env files
The .env
file in the root of your project is automatically loaded when running Twofold. You can use this file to set environment specific variables.
# .env
MY_ENV_VAR="hello-world"
Server-side application code can access these variables using Node's built in process.env
:
console.log(process.env.MY_ENV_VAR);
// prints hello-world
Required variables
Your environment must contain a TWOFOLD_SECRET_KEY
variable. This key is autogenerated when you create a Twofold application, but it can be changed at any point.
The key is used to sign sensitive data like sessions and server functions.
# .env
TWOFOLD_SECRET_KEY="...."
Recommendations
- Do not check the
.env
file into git. - Only put configuration that changes per environment in the
.env
file.
Clients cannot access ENVs
In Twofold only server-side code can access environment variables. This is because the .env
file is only loaded on the server to avoid leaking sensitive information to the client.
"use client";
export function ClientComponent() {
return (
<div>
{/* This won't work */}
{process.env.HOSTNAME}
</div>
);
}
If you need to access environment variables on the client then you should pass them as props from a server component into a client component.
// app/pages/index.tsx
import { ClientComponent } from "./client-component";
export default function IndexPage() {
return (
<div>
{/* Now the client component can access HOSTNAME */}
<ClientComponent hostname={process.env.HOSTNAME} />
</div>
);
}
In the above example, the ClientComponent
receives the HOSTNAME
environment variable as a prop from the server.
Be careful when passing environment variables to client components. Avoid passing sensitive information like API keys or database credentials.
NODE_ENV exception
Client components do have access to the NODE_ENV
environment variable. This is a safe to expose variable that is often used for dead-code elimination.
"use client";
export function ClientComponent() {
return (
<div>
{process.env.NODE_ENV === "development" && (
<p>This component is running in development mode</p>
)}
</div>
);
}
In the example above the client component can safely access NODE_ENV
to conditionally render a message if the app is running in development mode.
In non-development environments, the <p>
tag will be stripped from the component at build time.