Skip to contentSkip to navigationSkip to topbar
Rate this page:
On this page

Store Your Twilio Credentials Securely


It's important to keep credentials such as your Twilio Account SID and Auth token secure by storing them in a way that prevents unauthorized access. One common method is to store them in environment variables which are then accessed from your app. This keeps them out of code and other places where credentials don't belong. Let's take a look at how to work with environment variables with a variety of operating systems and languages.


Set environment variables

set-environment-variables page anchor

From the command line, set environment variables to contain your credentials. For example:

  • TWILIO_ACCOUNT_SID
  • TWILIO_AUTH_TOKEN
(warning)

Warning

If you store these in a .env file so they persist across reboots, make sure to tell Git to ignore the .env file by adding *.env to your .gitignore file. You do not want your credentials uploaded in plain text to the Git repository.

Mac & Linux

mac--linux page anchor

Add your credentials as environment variables in a twilio.env file and source them:


_10
echo "export TWILIO_ACCOUNT_SID='ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'" > twilio.env
_10
echo "export TWILIO_AUTH_TOKEN='your_auth_token'" >> twilio.env
_10
source ./twilio.env

Make sure that Git ignores the twilio.env file:


_10
echo "twilio.env" >> .gitignore

You can store your credentials in environment variables via the command line. You will have to do this at the start of each command-line session (each time you run cmd.exe or PowerShell).

Windows command line (cmd.exe)

windows-command-line-cmdexe page anchor

_10
set TWILIO_ACCOUNT_SID=ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
_10
set TWILIO_AUTH_TOKEN=your_auth_token


_10
$Env:TWILIO_ACCOUNT_SID="ACXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
_10
$Env:TWILIO_AUTH_TOKEN="your_auth_token"

To make the Windows environment variables permanent, see How to Set Environment Variables(link takes you to an external page).


Most cloud providers give you a way to securely configure environment variables for your application.


Load credentials from environment variables

load-credentials-from-environment-variables page anchor

Once you have stored your credentials in environment variables, they are accessible by name to your apps. Always access your credentials using the variable names and never hard-code credentials in your code. Choose your language to see the right code for you.

Load credentials from environment variables

load-credentials-from-environment-variables-1 page anchor

Use environment variables instead of hard-coding your Twilio credentials

Node.js
Python
C#
Java
PHP
Ruby
curl

_10
// Download the Node helper library from twilio.com/docs/node/install
_10
// These are your accountSid and authToken from https://www.twilio.com/console
_10
// To set up environmental variables, see http://twil.io/secure
_10
const accountSid = process.env.TWILIO_ACCOUNT_SID;
_10
const authToken = process.env.TWILIO_AUTH_TOKEN;
_10
_10
const client = require('twilio')(accountSid, authToken);
_10
_10
// Make API calls here...


Rate this page: