Secure Environment Variables in Next.js

Use .env.local for local secrets. Example:

DATABASE_URL=postgres://user:password@host:port/db
NEXT_PUBLIC_API_KEY=xyz123

• Prefix with NEXT_PUBLIC_ to expose to the client.
• Never expose private keys unless necessary.
• Use process.env.VAR_NAME safely, with fallbacks:

const db = process.env.DATABASE_URL ?? throw new Error("Missing DB URL");

On Vercel, set secrets in the dashboard under "Environment Variables".