nextjs-corporate-starter

TODO: Suggestion: Remove NEXT_PUBLIC Prefix for API Keys in .env File

Open Yaren-IT opened this issue 7 months ago • 2 comments

Problem

The current documentation suggests prefixing API keys with NEXT_PUBLIC for environment variables in Next.js applications. However, this could potentially lead to security vulnerabilities as these keys may inadvertently be exposed to the client side.

Solution

The official Next.js documentation source recommends not using the NEXT_PUBLIC prefix for sensitive environment variables, such as API keys. By removing the prefix, these variables remain private and can only be accessed on the server, minimizing the risk of unintentional client-side exposure.

Reference

Next.js documentation advises against using the NEXT_PUBLIC prefix for sensitive environment variables:

"Since the environment variable API_KEY is not prefixed with NEXT_PUBLIC, it's a private variable that can only be accessed on the server. To prevent your environment variables from being leaked to the client, Next.js replaces private environment variables with an empty string."

Yaren-IT, Nov 22 '23 10:11
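One way to catch the problem this issue describes before it ships, as an added example that is not part of the issue or of the project's code: Next.js inlines every variable whose name starts with `NEXT_PUBLIC_` into the JavaScript sent to the browser, so the check below flags such variables when the rest of the name looks like a credential. The variable names, values and the name heuristic are constructed for illustration.

```javascript
// Added example: flag secret-looking names that carry the NEXT_PUBLIC_ prefix.
// All variable names and values in SAMPLE_ENV are constructed, not the project's.
const PREFIX = 'NEXT_PUBLIC_';
const SECRET_HINT = /(^|_)(API_?KEY|KEY|TOKEN|SECRET|PASSWORD|PASSWD|CREDENTIALS?)(_|$)/i;

// Parse dotenv-style text into [{ name, value, line }], skipping comments and blanks.
function parseEnv(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, idx) => {
    const line = raw.trim();
    if (!line || line.startsWith('#')) return;
    const m = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) return;
    // Strip one pair of matching surrounding quotes, if present.
    const value = m[2].replace(/^(['"])(.*)\1$/, '$2');
    entries.push({ name: m[1], value, line: idx + 1 });
  });
  return entries;
}

// A finding is any NEXT_PUBLIC_ variable whose remaining name suggests a credential.
// The name is the problem, so empty placeholder values are reported too.
function findExposedSecrets(text) {
  return parseEnv(text).filter(e =>
    e.name.startsWith(PREFIX) && SECRET_HINT.test(e.name.slice(PREFIX.length)));
}

// Constructed sample .env content.
const SAMPLE_ENV = `
# constructed sample
NEXT_PUBLIC_SITE_URL=http://localhost:3000
NEXT_PUBLIC_EXAMPLE_API_TOKEN="example-token-not-real"
EXAMPLE_API_KEY=example-key-not-real
NEXT_PUBLIC_PAGE_LIMIT=6
export NEXT_PUBLIC_FORM_SECRET=
`;

for (const f of findExposedSecrets(SAMPLE_ENV)) {
  console.log(`line ${f.line}: ${f.name} is exposed to the client; ` +
    `rename to ${f.name.slice(PREFIX.length)} and read it only in server code`);
}
```

The name match is a heuristic: a key that is meant to be used from the browser will also be flagged and needs an explicit allowlist entry.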