The following files are from the Next.js build server folder:
- .next/server/server-reference-manifest.json
{"node":{},"edge":{},"encryptionKey":"PhLVgRXgTBFRMVsHasswumD0/xGssj+0lGhP1i8WwlPrRk="}
- .next/server/server-reference-manifest
self.__RSC_SERVER_MANIFEST="{\"node\":{},\"edge\":{},\"encryptionKey\":\"1uPhLVgRXgTBFMVHawmD0/xGj+lGhxxxP1i8ssWwlPrDRk=\"}"
These files contain an encryptionKey that is generated with each build. My code audit team has raised concerns about this being a potential secret leak that could threaten security.
Here’s what I know about the files:
In a Next.js application, the server-reference-manifest.json file is likely used to manage server-side references and configurations, possibly related to data fetching or routing.
My questions are:
- Is this really a security threat?
- Do I need to take action to hide this key or implement any changes?
- If there’s a solution to address this, could you please help?
- If we can bypass this issue, how should I respond to the security team?
Thank you for your assistance.
I have not tried to resolve this issue.