Store Your Twilio Credentials Securely
It’s important to keep credentials such as your Twilio Account SID and Auth token secure by storing them in a way that prevents unauthorized access. One common method is to store them in environment variables which are then accessed from your app. This keeps them out of code and other places where credentials don’t belong. Let’s take a look at how to work with environment variables with a variety of operating systems and languages.
Set environment variables
From the command line, set environment variables to contain your credentials. For example:
-
TWILIO_ACCOUNT_SID
-
TWILIO_AUTH_TOKEN
If you store these in a .env
file so they persist across reboots, make sure to tell Git to ignore the .env
file by adding *.env
to your .gitignore
file. You do not want your credentials uploaded in plain text to the Git repository.
Mac & Linux
Add your credentials as environment variables in a twilio.env file and source them:
echo "export TWILIO_ACCOUNT_SID='ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'" > twilio.env
echo "export TWILIO_AUTH_TOKEN='your_auth_token'" >> twilio.env
source ./twilio.env
Make sure that Git ignores the twilio.env
file:
echo "twilio.env" >> .gitignore
Windows
You can store your credentials in environment variables via the command line. You will have to do this at the start of each command-line session (each time you run cmd.exe or PowerShell).
Windows command line (cmd.exe)
set TWILIO_ACCOUNT_SID=ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
set TWILIO_AUTH_TOKEN=your_auth_token
PowerShell
$Env:TWILIO_ACCOUNT_SID="ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
$Env:TWILIO_AUTH_TOKEN="your_auth_token"
To make the Windows environment variables permanent, see How to Set Environment Variables.
Cloud providers
Most cloud providers give you a way to securely configure environment variables for your application.
Load credentials from environment variables
Once you have stored your credentials in environment variables, they are accessible by name to your apps. Always access your credentials using the variable names and never hard-code credentials in your code. Choose your language to see the right code for you.
Need some help?
We all do sometimes; code is hard. Get help now from our support team, or lean on the wisdom of the crowd by visiting Twilio's Stack Overflow Collective or browsing the Twilio tag on Stack Overflow.