Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How are env variables (secrets) used?

See original GitHub issue

In react-native, you could use react-native-config. But since it requires touching iOS and Android files, it won’t be possible to use it with Expo. How are you supposed to feed different env variables, especially those that hold api keys?

Issue Analytics

State:
Created 7 years ago
Reactions:1
Comments:7 (1 by maintainers)

Top GitHub Comments

4reactions

offerijnscommented, Oct 29, 2017

@redgenie I happened to come across this issue, looking for the same solution. However, I found this alternative: https://github.com/zetachang/react-native-dotenv. This tool doesn’t use native code, since it is simply implemented as a Babel plugin. So you can use it with Expo!

3reactions

lukewendlingcommented, Apr 18, 2018

@btroia package.json

{
  "name": "tickets-scanner",
  "version": "0.1.0",
  "private": true,
  "devDependencies": {
    "jest-expo": "24.0.0",
    "prettier": "^1.9.2",
    "react-native-scripts": "1.8.1",
    "react-test-renderer": "16.2.0"
  },
  "main": "./node_modules/react-native-scripts/build/bin/crna-entry.js",
  "scripts": {
    "start": "react-native-scripts start",
    "dev": "yarn start",
    "eject": "react-native-scripts eject",
    "android": "react-native-scripts android",
    "ios": "react-native-scripts ios",
    "test": "node node_modules/jest/bin/jest.js --watch",
    "exp": "exp"
  },
  "jest": {
    "preset": "jest-expo"
  },
  "dependencies": {
    "@expo/vector-icons": "^6.2.2",
    "@feathersjs/feathers": "^3.0.2",
    "@feathersjs/rest-client": "^1.3.2",
    "babel-preset-react-native": "^4.0.0",
    "debug": "^3.1.0",
    "exp": "^47.3.7",
    "expo": "^24.0.0",
    "native-base": "^2.3.5",
    "react": "16.2.0",
    "react-native": "0.51.0",
    "react-native-dotenv": "^0.1.0",
    "react-navigation": "^1.0.0-beta.22",
    "superagent": "^3.8.2"
  }
}

Top Results From Across the Web

Analyzing the Hidden Danger of Environment Variables for ...

The use of environment variables is a common practice in the DevOps community as it provides easy access to configuration properties.

Is it unsafe to use environmental variables for secret data?

Environment variables are passed down to child processes, which allows for unintended access. This breaks the principle of least privilege.

Why you shouldn't use ENV variables for secret data

Putting secrets in ENV variables quickly turns into tribal knowledge. New engineers who are not aware of the sensitive nature of specific ...

Environment Variables, or Keeping Your Secrets ... - Medium

Credentials are usually hidden in environment variables that your application can pick up when it runs. Our code now looks like this: We...

Inject secrets into environment variables - Documentation

Environment Files allow you to codify multiple (secret) environment variables with KEY=VALUE statements separated by a newline. These files have the .env ...