**@arolariu/website**

---

@arolariu/website / types / SecretEnvironmentVariablesType

Type Alias: SecretEnvironmentVariablesType

SecretEnvironmentVariablesType = Extract<keyof TypedProductionEnvironmentVariablesType | TypedDevelopmentEnvironmentVariablesType, keyof AuthEnvironmentVariables>

Defined in: types/typedEnv.ts:420

Union type of all secret environment variable keys.

Remarks

Security Critical: This type identifies which environment variables contain sensitive credentials and must never be exposed to client-side code or logs.

Type Extraction: Uses Extract to filter environment variable keys to only those present in AuthEnvironmentVariables, ensuring we only flag actual secrets.

Excluded from Extraction: NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY is intentionally public and safe for client-side exposure (per Next.js NEXT_PUBLIC_* convention).

Secret Keys (as of RFC 1002):

• CLERK_SECRET_KEY: Server-side authentication secret
• API_JWT: Backend API authorization token
• RESEND_API_KEY: Email service credentials

Usage Context:

• Validation: Ensuring secrets are not accidentally logged
• Testing: Mocking sensitive variables in tests
• Documentation: Identifying which variables require secure storage

Secret Management:

• Production: Stored in Azure Key Vault, injected at runtime
• Development: Stored in .env.local (gitignored)
• CI/CD: Stored as GitHub Secrets, injected during builds

Example

// Type-safe secret filtering
function isSecret(key: string): key is SecretEnvironmentVariablesType {
  const secrets: SecretEnvironmentVariablesType[] = [
    "CLERK_SECRET_KEY",
    "API_JWT",
    "RESEND_API_KEY"
  ];
  return secrets.includes(key as SecretEnvironmentVariablesType);
}

// Usage in logging guard
Object.keys(process.env).forEach(key => {
  if (!isSecret(key)) {
    console.log(`${key}: ${process.env[key]}`);
  }
});

See

AuthEnvironmentVariables