Problem
AuthKit for Next.js currently requires all secrets (WORKOS_API_KEY, WORKOS_CLIENT_ID, WORKOS_COOKIE_PASSWORD, etc.) to be provided as environment variables. This is limiting for:
- Applications that pull secrets from a secrets manager (AWS Secrets Manager, HashiCorp Vault, Azure Key Vault, GCP Secret Manager, etc.)
- Environments where secrets aren't available in
process.env at startup
- Serverless runtimes that inject secrets outside the process environment
Proposed Solution
Export an initAuthKit(config) function that accepts configuration values programmatically. Values set via initAuthKit take precedence over environment variables; missing keys fall back to the corresponding env var. This means existing deployments that rely on env vars work without any changes.
import { initAuthKit } from '@workos-inc/authkit-nextjs';
initAuthKit({
apiKey: await secrets.get('WORKOS_API_KEY'),
clientId: await secrets.get('WORKOS_CLIENT_ID'),
cookiePassword: await secrets.get('WORKOS_COOKIE_PASSWORD'),
redirectUri: 'https://myapp.com/callback',
});
initAuthKit should be called before any other AuthKit function. Successive calls are merged, so groups of settings can be set independently.
Problem
AuthKit for Next.js currently requires all secrets (
WORKOS_API_KEY,WORKOS_CLIENT_ID,WORKOS_COOKIE_PASSWORD, etc.) to be provided as environment variables. This is limiting for:process.envat startupProposed Solution
Export an
initAuthKit(config)function that accepts configuration values programmatically. Values set viainitAuthKittake precedence over environment variables; missing keys fall back to the corresponding env var. This means existing deployments that rely on env vars work without any changes.initAuthKitshould be called before any other AuthKit function. Successive calls are merged, so groups of settings can be set independently.