Sensitive environment variables
Last updated October 7, 2025
Sensitive environment variables are environment variables whose values are non-readable once created. They help protect sensitive information stored in environment variables, such as API keys.
To mark an existing environment variable as sensitive, remove and re-add it with the Sensitive option enabled. Once you mark it as sensitive, Vercel stores the variable in an unreadable format. This is only possible for environment variables in the production and preview environments.
Both project environment variables and shared environment variables can be marked as sensitive.
You can only create sensitive environment variables in the preview and production environments.
Sensitive environment variables can be created at the project or team level:
- Go to the Vercel dashboard and select your team from the scope selector. Click on the Settings tab and then select Environment Variables from the left navigation. To create sensitive environment variables at the project-level, select the project from your dashboard and then and click the Settings tab.
- At the top of the form, toggle the Sensitive switch to Enabled. If the Development environment is selected, you will be unable to enable the switch.
- Fill in the details to create a new environment variable.
- In the environment variable table, sensitive environment variables are marked with a "Sensitive" tag: