node.js heroku environment-variables jwt production-environment

How does my production Heroku app know what secret key to use if I am not supposed to commit .env?


In my local file structure, I created a file called .env to hold my secret key for JWT authentication. When I deploy my app to Heroku using git and then try to send the API requests using Postman, I get this message:

Error: secretOrPrivateKey must have a value

From other searches it appears this is because I didn't deploy my .env file where that info is located. However, the web also makes it clear you are not supposed to deploy that file.

Which is why I ask, how on earth is my app supposed to encode the JWT without having the secret key in that .env available?


Solution

  • .env itself is simply a convenient way to populate environment variables on your local machine. Heroku supports configuration via environment variables out of the box.

    You can set a variable using

    heroku config:set SOME_VAR=some_value
    

    or using the web-based dashboard.
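
A startup check for the situation described above, as an added example that is not part of the original question or answer: it reads the secret from the environment and fails at boot with a clear message instead of failing later at signing time. The variable name `JWT_SECRET`, the helper names, and the small HS256 signer built on Node's `crypto` module (standing in for the JWT library so the block runs without dependencies) are assumptions.

```javascript
// Added example. JWT_SECRET is an assumed variable name; the page does not name it.
const crypto = require('crypto');

const b64url = (value) => Buffer.from(value).toString('base64url');

// Read the secret from the environment (populated by .env locally and by
// `heroku config:set` in production) and refuse to start without it.
function loadJwtSecret(env = process.env) {
  const secret = env.JWT_SECRET;
  if (typeof secret !== 'string' || secret.trim() === '') {
    throw new Error('JWT_SECRET is not set; on Heroku run: heroku config:set JWT_SECRET=<value>');
  }
  return secret;
}

// Minimal HS256 signer (no exp/nbf handling), standing in for the JWT library.
function signHs256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the payload if the signature matches, otherwise null.
function verifyHs256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try { return JSON.parse(Buffer.from(body, 'base64url').toString('utf8')); } catch { return null; }
}

// Constructed environments: one like a dyno without the config var, one with it.
function demo() {
  let startupError = null;
  try { loadJwtSecret({}); } catch (e) { startupError = e.message; }
  const secret = loadJwtSecret({ JWT_SECRET: 'constructed-sample-secret' });
  const token = signHs256({ sub: 'user-1' }, secret);
  return { startupError, ok: verifyHs256(token, secret), bad: verifyHs256(token, 'other-secret') };
}

console.log(demo());
```

Calling `loadJwtSecret()` once at process start means a missing config var stops the deploy immediately rather than surfacing on the first authenticated request.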