# Security

It's important to keep your configuration file secure by not storing sensitive information inside it. This includes but is not limited to:

Mnemonic / seed phrases used for production deployments
Infura / Alchemy RPC URLs which contain your API key
Any other passwords and/or API keys

# Environment secrets

The default configuration file template gives one example of how this can be accomplished using environment variables. For example:

// gemforge.config.cjs
module.exports = {
  ...
  wallets: {
    wallet1: {
      // Wallet type - mnemonic
      type: 'mnemonic',
      // Wallet config
      config: {
        // Mnemonic phrase
        words: () => process.env.MNEMONIC,
        // 0-based index of the account to use
        index: 0,
      },
    },
  },
  ...
}

To make this work you would have to supply the MNEMONIC environment variable on the command-line or in the shell environment. For example:

MNEMONIC="..." gemforge deploy

export MNEMONIC="..."
gemforge deploy

# .env

Another option is to use the dotenv package within your config file to load in these environment variables from a .env file:

MNEMONIC="..."

Then in gemforge.config.cjs:

require('dotenv').config();
module.exports = {
  // ... process.env.MNEMONIC will now be set
}

A working example of this can be seen in the sample project.

Note: Remember to add .env to your .gitignore if you use this method.