Recommended names and where to use them.
These are safe to expose in the browser when Row Level Security (RLS) is enabled.
# Next.js NEXT_PUBLIC_HIRALL_URL=https://api.hirall.com NEXT_PUBLIC_HIRALL_ANON_KEY=ak_************************
Never expose the service role key to client code.
# Node server / Edge Functions HIRALL_SERVICE_ROLE_KEY=sk_************************
Use the dashboard API to fetch your project's client config and prefill your env.
GET /v1/dashboard/projects/:id/client-config
Authorization: Bearer <dashboard_token>
{
"data": {
"url": "https://api.hirall.com",
"keys": { "anon": "ak_...", "service_role": "sk_..." },
"env": {
"client": { "HIRALL_URL": "...", "HIRALL_ANON_KEY": "..." },
"server": { "HIRALL_SERVICE_ROLE_KEY": "..." }
}
}
}