Best way to store env variables in figma plugin (building figma plugin)

6 days ago
March 10, 2025
3 replies
26 views

DesingLens
New Member
2 replies

I am using supabase auth for users in my figma plugin, and it requires me to store supabase_url and anon_key. These are sensitive variables that should not go public.

Storing them in ui.html is not recommended as it is easily inspectable. So I researched about different approaches.

One way I found is by storing them main thread (code.ts) which can communicate to ui.html via post messages. Although I am not sure that this is the perfect way to conceal your sensitive variables.

I need help of developers building on plugin to give some insights. Thanks!

DesingLens
Author
New Member
2 replies
6 days ago
March 10, 2025

One more thing I want to know, Is main thread code inspectable using dev tools? if so is it safe to store sensitive variables?

tank666
4854 replies
6 days ago
March 10, 2025

Never store sensitive information in the plugin code. You should have your own backend or use external services.

UX/UI designer. Figma expert. Creator and developer of plugins and widgets for Figma and FigJam. Check out my resources in Figma Community: figma.com/@tank666

DesingLens
Author
New Member
2 replies
6 days ago
March 10, 2025

Hey @tank666 ,

Thanks for replying, I have my own backend but I have made the services authorized, if Authorization is not passed in any backend service, it will not work (401 unauthorized).
I am using supabase client authorization (supabase auth) which requires supabase_url and supbase_anon_key (sensitive vars)

I cannot store them in backend for 2 reason (if i fetch variables from backend) -

my services are secure currently, I don’t want to allow any api without authorization header.
if I fetch these variables in frontend, it can be intercepted using dev tools.

If you have used any client in figma plugin how have you managed the secrets and user token?

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos

Best way to store env variables in figma plugin (building figma plugin)

3 replies

Reply

Solved topics

My text is very transparent

Fonts Not Loading in Figma – Missing or Replaced?

Can’t select text style on web touchscreen

How to bring an element to the front but retain its position in autolayout

I don't need an Organization plan for an entire year, yet I'll be billed annually.

Cookie policy

Cookie settings

Reply

Solved topics

My text is very transparent

Fonts Not Loading in Figma – Missing or Replaced?

Can’t select text style on web touchscreen

How to bring an element to the front but retain its position in autolayout

I don't need an Organization plan for an entire year, yet I'll be billed annually.

Related topics

Vector fill color (nested component) doesn't change back to the one specified in the default variant after interactionicon

Nested component, instance swap and stroke scaling issueicon

[Variants] How to keep the icon color override while changing the variant state?icon

An icon doesn't change color when making an instance swap with the new component propertiesicon

Problem with interacitve behaviour in nested componenticon

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings