Deployment problem, public key security pushback

i have a problem with code deployment. I constantly get security pushback with

The sensitive environment variable NEXT_PUBLIC_RECAPTCHA_SITE_KEY is in the following files and exposed in the client:
xyz
Please remove the sensitive environment variable from the client code – either completely or by using a server component/action to fetch the value.

i am really lost here. Why would the next_public key be flaged as security risk. The recaptcha public key shuld be public.xd
Am i doing something wrong?

Did you know there’s another category dedicated to v0 topics? A human should be here soon to help, but the answer may already be available even faster in one of these other posts.

Our docs are a great place to start.

We also have a walkthrough to help guide your workflow.

And these recordings can give you a look at v0 features and strategies in action shown by our Community:

https://community.vercel.com/tags/c/events/42/v0

I can confirm this bug, it’s a false positive when the name KEY is used

In the meantime you can make a second variable with a different name like KEEY and it’ll unblock deployment until this is fixed

Having the same issue within multiple of my projects.. it seems to have errors with both KEY and TOKEN … in the end I went with “THING” and the project is deploying again

Hi @gfargo and @loglgloglg-3119, can you share the chat id where you faced this issue?

I most recently encountered it on add-supabase-support-rXqBYABoDCJ and on two other chats; however, I can’t seem to find them right now.

Okay. Let me share this with the team.