Using ENV variables for projectId in sanity.json

The issue you're experiencing is that sanity.json doesn't support environment variables directly. This is a static JSON configuration file that gets parsed at build time, and it can't interpolate values from .env.local files.

Here's the proper approach depending on your Sanity Studio version:

For Sanity Studio v3 (Modern Approach)

If you're using Studio v3, you should be configuring your project in sanity.config.ts (or .js) instead of sanity.json. This file does support environment variables:

// sanity.config.ts
import {defineConfig} from 'sanity'

export default defineConfig({
  projectId: process.env.SANITY_STUDIO_PROJECT_ID || '',
  dataset: process.env.SANITY_STUDIO_DATASET || 'production',
  // ... rest of your config
})

In your .env.local:

SANITY_STUDIO_PROJECT_ID=your-project-id
SANITY_STUDIO_DATASET=production

Important: Environment variables in Sanity Studio must be prefixed with SANITY_STUDIO_ to be accessible.

For Sanity Studio v2 (Legacy)

If you're still on v2 with sanity.json, you have two options:

Option 1: Just hardcode the values in sanity.json since project IDs are not sensitive information and will be visible in your production code anyway:

{
  "api": {
    "projectId": "abc123xyz",
    "dataset": "production"
  }
}

Option 2: Use environment variables in your client configuration files (not in sanity.json), like when setting up API clients:

// client.js
import {createClient} from '@sanity/client'

export const client = createClient({
  projectId: process.env.SANITY_STUDIO_PROJECT_ID,
  dataset: process.env.SANITY_STUDIO_DATASET,
  apiVersion: '2023-06-10',
  useCdn: true,
})

The key insight is that your projectId and dataset aren't secrets - they'll be exposed in image URLs, API calls, and client-side code regardless. The real security comes from your dataset permissions and API tokens, not from hiding the project ID.