Secrets

Secrets are managed via environment variables. Never hardcode secrets in source code — LaunchFast generates source maps by default, which would expose hardcoded values to the public.

Local development

For local development, store secrets in a .env file at the project root. This file is gitignored and never committed.

When you add a new secret, also add its name (with a placeholder value) to .env.example so other developers know it is required. The example file is committed to the repository.

Production secrets

For production and staging, use the fly secrets set command. This sets the environment variable and triggers a redeployment:

fly secrets set MY_API_KEY=some_secret_value
fly secrets set MY_API_KEY=some_secret_value --app my-staging-app

Offline development with mocks

To develop without real service credentials, use MSW mocks in the test/mocks directory. This lets you work fully offline while still exercising the integration paths.

Environment variables — full list of required variables
Fly deployment — production deployment and secret management

Secrets

Local development

Production secrets

Offline development with mocks

Related