About Environment Variables
Secrets vs Credentials
Before we get into the variables we use in our environments, let's review the relationship of secrets and credentials.
Credentials can be secrets. Secrets can also be anything of extremely important value for your application and any infrastructrue. Secrets are not always credentials, as credentials are specific to access to an API, a Platform, or any other service that requires credentials for authentication and use of said services. While we do have a button that reads
View Credentials, this should be treated as the overall credentials for your environment and application stack, but again not all of these secrets are credentials.
Let's look at this example (which should look familiar from the quick start guide):
As you can see in this example of a set of secrets for the
server, there are credentials like the
TWILIO_AUTH_TOKEN and a
JWK, which is not a credential, but rather an important secret so that you can decode during the authentication process, which is a highly sensistive operation, yet again not a credential.
Why are there different secret sets for Server, Client, and Contract?
The client, server, and smart contract may share certain credentials, but definitely not all. It's a best practice to separate your secrets per environment. This is especially important for access control and simply put not all environments need all secrets. In the example above, it's relatively clear that
REDIS_CONNECTION is not needed by the client.
Setting up your local environment
Setting up your local environment is fairly straightforward. If you reviewed or followed along the quick start guide, then you have already done this. Either through an
graphql.env file, you can copy your secrets and add them to this file in order to set up your local client or server in your chosen environment. Be sure to only copy the secrets corresponding to your selected environment.
Adding a new environment variable
Adding a variable to the Chainstarters secrets manager is simple. Click on
Add Variable and input the key/value pair for your variable. We have placeholder text to guide you.
Once you add the variable, make sure that you copy the entire set of secrets and replace your local
env file with the updated credentials.