Secure your Twilio Credentials

To secure your Twilio Account SID and Authentication token, store them in environment variables. These variables remain local to your development machine and your app can access them. Using environment variables keeps credentials separate from your code and other locations that could result in unauthorized access to Twilio.

(warning)

Treat credentials like passwords

Never upload your credentials in plain text to a Git repository. Never write your credentials into your application code.

macOS and Linux

To store your credentials on UNIX-like operating systems like macOS and Linux, set environment variables.

Create one environment variable for your account SID and one for your authentication token. Store both in a file titled .env.
1
echo "export TWILIO_ACCOUNT_SID='ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'" > .env
2
echo "export TWILIO_AUTH_TOKEN='your_auth_token'" >> .env
Execute the .env as a command in your existing process.
source ./.env
Add the .env file to your .gitignore file.
echo ".env" >> .gitignore

Microsoft Windows

To store your credentials in environment variables on Microsoft Windows, you have three options: use the command prompt (cmd.exe), PowerShell, or the Windows UI.

Command promptPowerShellWindows UI

To set these environment variables as permanent settings, use the setx command through the Windows command prompt.

1setx TWILIO_ACCOUNT_SID=ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2setx TWILIO_AUTH_TOKEN=your_auth_token

To set these environment variables as permanent settings, use the [Environment]::SetEnvironmentVariable command through Windows PowerShell.

1[Environment]::SetEnvironmentVariable('TWILIO_ACCOUNT_SID', 'ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', 'User')
2[Environment]::SetEnvironmentVariable('TWILIO_AUTH_TOKEN', 'your_auth_token', 'User')

To set these environment variables as permanent settings, add the variables through the Systems control panel.

Press Windows key + R.
Type sysadm.cpl then press OK. This opens the Control Panel.
Click System.
Click Advanced System Settings.
Click the Advanced tab.
Click Environment Variables.... This opens the Environment Variables dialog box.
Under User variables for <your name>, click New... This opens the New User Variable dialog box.
Type TWILIO_ACCOUNT_SID in the Variable name box.
Type or paste your account SID in the Variable value box.
Click OK to close the New User Variable dialog box.
Click New... again.
Type TWILIO_AUTH_TOKEN in the Variable name box.
Type or paste your authentication token in the Variable value box.
Click OK to close the New User Variable dialog box.
Click OK to close the Environment Variables dialog box.

Cloud providers

Most cloud providers provide the means for securing environment variables for your application.

Load credentials from environment variables

After you store your credentials in environment variables, access from your apps using their variable name. To display the proper code for using environment variables, choose your programming language in the following example:

Load credentials from environment variables

1// Download the Node helper library from twilio.com/docs/node/install
2// These are your accountSid and authToken from https://www.twilio.com/console
3// To set up environmental variables, see http://twil.io/secure
4const accountSid = process.env.TWILIO_ACCOUNT_SID;
5const authToken = process.env.TWILIO_AUTH_TOKEN;
6
7const client = require('twilio')(accountSid, authToken);
8
9// Make API calls here...