.env

Use /.env to define credentials which shouldn't be exposed in the client app. Don't write these credentials in /nd/conf.js or /nd/conf.local.js. The data in these files will be inlined and exposed in the production app. In Next.js apps, there are places only executed on the server side, where you can use credentials without exposing them such as /pages/api/*, getStaticProps, getStaticPaths and getServerSideProps.

SECRET=xxx
SECRET2=xxx

You can access these values as procces.env.SECRET and process.env.SECRET2.

confutil