I am trying to create a Vercel clone. I wanted to know how Vercel handles secret variables such as API_KEY or DB_URL. I wanted to know the internal workings.
If I just take the secret variables from users and normally create a '.env' file in the project directory, then it is not secure. Using bcrypt to encode them can be a workaround, but I want to know exactly how platforms like Vercel handle this task, both when building the project and in the runtime environment.
You can store your secret key in secure storage, e.g. AWS Secure Storage.
For secure use of a secret key, you can follow these injection approaches:
For runtime secrets (like DB credentials), the application's environment can be populated with the necessary secrets as it starts. This means the secrets are only in memory and not written to disk.
For build-time secrets (like API keys needed during the build process), inject them into the build environment. Ensure that the build system cleans up any environment variables.