I am experiencing a critical issue where my Next.js application is unable to access the AUTH_SECRET environment variable in production,
which prevents Auth.js (NextAuth.js) from working.
Problem:
The application consistently fails with a [auth][error] MissingSecret error on every request that involves authentication. This happens
in both the Edge Middleware and in Lambda function API routes, preventing any user sign-ins.
Troubleshooting Steps Already Taken:
We have exhaustively troubleshooted this and can confirm the following:
- The AUTH_SECRET and AUTH_URL environment variables are correctly set in the Vercel project settings for the Production, Preview, and
Development environments. - We have verified there are no typos and have redeployed the application multiple times after each configuration change.
- We added diagnostic logging (console.log(process.env.AUTH_SECRET)) to the application, and the Vercel logs confirmed the variable is
undefined at runtime. - The code follows standard Auth.js patterns, including export { auth as middleware } from “@/auth” in src/middleware.ts.
- We attempted workarounds like setting trustHost: true and explicitly passing the variables via next.config.js, none of which resolved
the underlying issue of the secret being unavailable.
The evidence strongly suggests that the environment variables, despite being set in the UI, are not being correctly injected into my
application’s runtime environment.
Could you please investigate why my project’s environment variables are not being exposed to the running application?
Thank you.