In the previous chapter, we created a Stripe account and got a pair of keys. Including the Stripe secret key. We need this in our app but we do not want to store this secret environment variables in our code. In this chapter, we’ll look at how to add secrets in SST.

We are going to create a .env file to store this.

Create a new file in .env.local with the following.

STRIPE_SECRET_KEY=STRIPE_TEST_SECRET_KEY

Make sure to replace the STRIPE_TEST_SECRET_KEY with the Secret key from the previous chapter.

SST automatically loads this into your application.

A note on committing these files. SST follows the convention used by Create React App and others of committing .env files to Git but not the .env.local or .env.$STAGE.local files. You can read more about it here.

To ensure that this file doesn’t get committed, we’ll need to add it to the .gitignore in our project root. You’ll notice that the starter project we are using already has this in the .gitignore.

# environments
.env*.local

Also, since we won’t be committing this file to Git, we’ll need to add this to our CI when we want to automate our deployments. We’ll do this later in the guide.

Next, let’s add these to our functions.

Add the following below the bind: [table], line in stacks/ApiStack.js:

environment: {
  STRIPE_SECRET_KEY: process.env.STRIPE_SECRET_KEY,
},

We are taking the environment variables in our SST app and passing it into our API.

Deploy our changes

Switch over to your terminal and restart sst dev so that it picks up the new .env.local file.

✓  Deployed:
   StorageStack
   ApiStack
   ...

Now we are ready to add an API to handle billing.