For Next.js Developers

Runtime secrets for Next.js

Stop managing environment variables across Vercel, Railway, and local dev. Fetch secrets at runtime and rotate without redeployment.

The Next.js environment variable problem

Next.js apps need secrets: Stripe keys, database URLs, API tokens. The standard approach is environment variables — but that means:

  • Copying the same keys to Vercel, Railway, your local .env.local
  • Rotating a key = updating every platform + redeploying
  • No audit trail of which deployment accessed which secret
  • Build-time secrets baked into your deployment (can't change without rebuild)

Works everywhere in Next.js

Server Components (App Router)

// app/api/checkout/route.ts
import Stripe from 'stripe';

async function getStripeKey() {
  const res = await fetch(
    'https://app.kevorax.com/api/runtime/secrets/STRIPE_SECRET_KEY',
    { 
      headers: { 'Authorization': `Bearer ${process.env.KEVORAX_TOKEN}` },
      cache: 'no-store' // Always fetch fresh
    }
  );
  return (await res.json()).data.value;
}

export async function POST(request: Request) {
  const stripe = new Stripe(await getStripeKey());
  // Your checkout logic...
}

API Routes

// pages/api/webhook.ts
import { NextApiRequest, NextApiResponse } from 'next';

export default async function handler(req: NextApiRequest, res: NextApiResponse) {
  const secretRes = await fetch(
    'https://app.kevorax.com/api/runtime/secrets/WEBHOOK_SECRET',
    { headers: { 'Authorization': `Bearer ${process.env.KEVORAX_TOKEN}` } }
  );
  const { value: webhookSecret } = (await secretRes.json()).data;
  
  // Verify webhook signature with the fetched secret
}

Edge Functions

// app/api/edge-function/route.ts
export const runtime = 'edge';

export async function GET(request: Request) {
  // Works at the edge - plain HTTP fetch
  const res = await fetch(
    'https://app.kevorax.com/api/runtime/secrets/OPENAI_API_KEY',
    { headers: { 'Authorization': `Bearer ${process.env.KEVORAX_TOKEN}` } }
  );
  const { value: apiKey } = (await res.json()).data;
  // Use the API key...
}

Why Next.js developers use Kevorax

No SDK required

Just fetch(). No npm package to install, no bundle size increase, no dependency to maintain.

Works with any deployment

Vercel, Railway, Fly.io, self-hosted — if it can make HTTP requests, it works with Kevorax.

Instant rotation

Update a secret in Kevorax, all your deployments fetch the new value immediately. No rebuild, no redeploy.

Edge-compatible

Plain HTTP works everywhere — Vercel Edge, Cloudflare Workers, Deno Deploy.

Ready to simplify your Next.js secrets?

$5/month flat. 7-day free trial. No credit card required.

Start Free Trial