Environment variables
The proper place to store secrets, keys, and API tokens is in Environment Variables.
Environment variables can be accessed via Deno.env
or process.env
.
- The “key” and “value” of each environment variable can be any string
- Vals can’t set environment variables: Environment variables are set via the settings page. Trying to update an environment variable, for example by using
Deno.env.set
, is a no-op.
Deno.env
This uses the Deno-default Deno.env variable, which is available globally.
process.env
This is the conventional way to access environment variables when you’re in a Node.js environment. In Node.js, process is an always-available global variable, but since Val Town targets Deno, you’ll need to import process from node:process:
Environment variables are private in public vals
It is safe for a a public val to reference your environment variables. Others can see that they’re being used, but not their values.
For example, in this public script val, you can see that I’m using a discord bot’s environment variable, but you cannot run this code or get the value of the environment variable.
If you expose an HTTP or email val, those vals can be triggered by anyone who knows their URL or email address, but they still can’t access your environment variables. This is how server-side code normally works. If someone wants to run your code with their environment variables, they need to import your code and run it in their own vals.