AZ Azerbaijan / AZN
MUPZA OperatorOwner accountMU
M
MUPZAOSRestaurant OS command
Runtime Secrets

Runtime secret placement matrix

Firebase, Cloudflare, Google tags, OTP, WhatsApp, Telegram, SMTP and AWS env names are mapped to their runtime placement without values, generated env files or provider calls.

Placement statusEnv names: 34Targets: 4Families: 10Secrets: 15
Firebasetrue
Cloudflaretrue
Google tagstrue
OTPtrue
WhatsApptrue
Telegramtrue
Emailtrue
No LAN blocktrue

Placement targets

frontend_hosting_public_envEnv names: 9Secrets: 0Public: 9
github_actions_secretEnv names: 15Secrets: 15Public: 0
cloudflare_dashboardEnv names: 1Secrets: 0Public: 1
aws_runtime_envEnv names: 9Secrets: 0Public: 9

Env placements

NEXT_PUBLIC_FIREBASE_API_KEYfrontend_hosting_public_env
firebaseSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

NEXT_PUBLIC_FIREBASE_AUTH_DOMAINfrontend_hosting_public_env
firebaseSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

NEXT_PUBLIC_FIREBASE_PROJECT_IDfrontend_hosting_public_env
firebaseSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

NEXT_PUBLIC_FIREBASE_APP_IDfrontend_hosting_public_env
firebaseSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

FIREBASE_SERVICE_ACCOUNT_BASE64github_actions_secret
firebaseSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

FIREBASE_SERVICE_ACCOUNT_JSONgithub_actions_secret
firebaseSecret: trueHealth links: 0

Set as GitHub/AWS managed secret and inject only at runtime.

FIREBASE_SERVICE_ACCOUNT_PATHgithub_actions_secret
firebaseSecret: trueHealth links: 0

Set as GitHub/AWS managed secret and inject only at runtime.

NEXT_PUBLIC_CLOUDFLARE_ANALYTICS_TOKENfrontend_hosting_public_env
cloudflareSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

CLOUDFLARE_API_TOKENgithub_actions_secret
cloudflareSecret: trueHealth links: 0

Set as GitHub/AWS managed secret and inject only at runtime.

CLOUDFLARE_ZONE_IDcloudflare_dashboard
cloudflareSecret: falseHealth links: 1

Keep in Cloudflare dashboard/operator notes, not source.

NEXT_PUBLIC_GTM_IDfrontend_hosting_public_env
google_tagSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

NEXT_PUBLIC_GA_MEASUREMENT_IDfrontend_hosting_public_env
google_tagSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

NEXT_PUBLIC_METRICS_ENABLEDfrontend_hosting_public_env
metricsSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

NEXT_PUBLIC_METRICS_DRY_RUNfrontend_hosting_public_env
metricsSecret: falseHealth links: 1

Set as public hosting env, still outside source files.

OTP_PROVIDERaws_runtime_env
otp_smsSecret: falseHealth links: 1

Set on AWS runtime process manager or server env file outside Git.

TWILIO_ACCOUNT_SIDgithub_actions_secret
otp_smsSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

TWILIO_AUTH_TOKENgithub_actions_secret
otp_smsSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

TWILIO_VERIFY_SERVICE_SIDgithub_actions_secret
otp_smsSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

WHATSAPP_ACCESS_TOKENgithub_actions_secret
whatsappSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

WHATSAPP_PHONE_NUMBER_IDaws_runtime_env
whatsappSecret: falseHealth links: 1

Set on AWS runtime process manager or server env file outside Git.

WHATSAPP_VERIFY_TOKENgithub_actions_secret
whatsappSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

WHATSAPP_API_VERSIONaws_runtime_env
whatsappSecret: falseHealth links: 1

Set on AWS runtime process manager or server env file outside Git.

TELEGRAM_BOT_TOKENgithub_actions_secret
telegramSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

TELEGRAM_WEBHOOK_SECRETgithub_actions_secret
telegramSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

BACKEND_PUBLIC_URLaws_runtime_env
backendSecret: falseHealth links: 2

Set on AWS runtime process manager or server env file outside Git.

SMTP_HOSTaws_runtime_env
emailSecret: falseHealth links: 1

Set on AWS runtime process manager or server env file outside Git.

SMTP_PORTaws_runtime_env
emailSecret: falseHealth links: 1

Set on AWS runtime process manager or server env file outside Git.

SMTP_USERgithub_actions_secret
emailSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

SMTP_PASSgithub_actions_secret
emailSecret: trueHealth links: 1

Set as GitHub/AWS managed secret and inject only at runtime.

SMTP_FROMaws_runtime_env
emailSecret: falseHealth links: 1

Set on AWS runtime process manager or server env file outside Git.

DATABASE_URLgithub_actions_secret
backendSecret: trueHealth links: 0

Set as GitHub/AWS managed secret and inject only at runtime.

QUEUE_URLaws_runtime_env
backendSecret: falseHealth links: 0

Set on AWS runtime process manager or server env file outside Git.

REDIS_URLgithub_actions_secret
backendSecret: trueHealth links: 0

Set as GitHub/AWS managed secret and inject only at runtime.

AWS_REGIONaws_runtime_env
awsSecret: falseHealth links: 0

Set on AWS runtime process manager or server env file outside Git.