Framework support

Dotvault for Next.js

Dotvault for Next.js projects.

Next.js splits environment variables into server-only and client-exposed (the NEXT_PUBLIC_ prefix). Get that wrong and you either leak a secret to the browser or crash in production. Dotvault knows the conventions, spots NEXT_PUBLIC_ values automatically, and flags anything that looks like a secret hiding in client-exposed territory.

What you get

→ Detects Next.js automatically from package.json.
→ Recognises NEXTAUTH_URL, NEXTAUTH_SECRET, and the NEXT_PUBLIC_ prefix out of the box.
→ Warns if a value that looks like an API key ends up in a client-exposed variable.
→ Handles .env.local, .env.development, .env.production, and .env.test side by side.

Known environment variables

Dotvault recognises these variables when you open a Next.js project and surfaces helpful descriptions and warnings in the editor. Next.js is detected via `next` in package.json.

NEXT_PUBLIC_
Client-exposed variable (Next.js)
NEXTAUTH_URL
NextAuth.js callback URL
NEXTAUTH_SECRET Required
NextAuth.js secret for JWT encryption
NEXT_TELEMETRY_DISABLED
Disable Next.js telemetry
NEXT_SHARP_PATH
Custom path to sharp binary for image optimisation
HOSTNAME
Server hostname for standalone mode
PORT
Server listen port
ANALYZE
Enable bundle analyzer

Official Next.js docs: nextjs.org/docs