Secrets and Variables
  • 18 Jun 2021
  • 1 Minute to read
  • Contributors
  • Dark
  • PDF

Secrets and Variables

  • Dark
  • PDF

About Environment Variables

Secrets vs Credentials

Before we get into the variables we use in our environments, let's review the relationship of secrets and credentials.

Credentials can be secrets. Secrets can also be anything of extremely important value for your application and any infrastructrue. Secrets are not always credentials, as credentials are specific to access to an API, a Platform, or any other service that requires credentials for authentication and use of said services. While we do have a button that reads View Credentials, this should be treated as the overall credentials for your environment and application stack, but again not all of these secrets are credentials.

Let's look at this example (which should look familiar from the quick start guide):

Screen Shot 2021-05-19 at 8.58.32 PM

As you can see in this example of a set of secrets for the server, there are credentials like the TWILIO_AUTH_TOKEN and a JWK, which is not a credential, but rather an important secret so that you can decode during the authentication process, which is a highly sensistive operation, yet again not a credential.

Why are there different secret sets for Server, Client, and Contract?

The client, server, and smart contract may share certain credentials, but definitely not all. It's a best practice to separate your secrets per environment. This is especially important for access control and simply put not all environments need all secrets. In the example above, it's relatively clear that DB_CONNECTION or REDIS_CONNECTION is not needed by the client.

Setting up your local environment

Setting up your local environment is fairly straightforward. If you reviewed or followed along the quick start guide, then you have already done this. Either through an .env or graphql.env file, you can copy your secrets and add them to this file in order to set up your local client or server in your chosen environment. Be sure to only copy the secrets corresponding to your selected environment.

Adding a new environment variable

Adding a variable to the Chainstarters secrets manager is simple. Click on Add Variable and input the key/value pair for your variable. We have placeholder text to guide you.


Once you add the variable, make sure that you copy the entire set of secrets and replace your local env file with the updated credentials.

Was this article helpful?

What's Next