Is it safe to commit my projectId?
Yes, it's completely safe to commit your projectId to version control!
Your projectId is meant to be public information. It will be visible everywhere in your final code—including all your queries that run client-side. Think of it like a domain name rather than a secret credential.
If your dataset is set to public visibility, you should assume that everything in it (along with the projectId) is visible to anyone. The projectId itself doesn't grant any write access or special permissions—those are controlled by authentication tokens.
While you could technically store the projectId as an environment variable to avoid hardcoding it, your final bundled application would still expose it anyway since it needs to make API requests to Sanity's CDN.
What you should keep secret:
- API tokens with write access
- Your dataset name (if you want to keep it private)
- Any authentication credentials
What's safe to commit:
projectId- Public dataset names
- Read-only tokens for public datasets
One small detail: even if your dataset is public, documents with _id values that include a path (like drafts.) will still be hidden from public access, as explained in Sanity's ID documentation.
Show original thread4 replies
Sanity – Build the way you think, not the way your CMS thinks
Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.