[docs]: Clarify env variables are NOT "SECRET"
See original GitHub issueThe usage of REACT_APP_SECRET_CODE
in Adding Custom Environment Variables is misleading given that there are no secrets in the front end.
Should I open a PR that changes all to REACT_APP_NOT_SECRET_CODE
?
Also, should there be a warning box toward the top about being careful not to expose secrets?
Issue Analytics
- State:
- Created 5 years ago
- Reactions:2
- Comments:10 (6 by maintainers)
Top Results From Across the Web
Secrets in variable group not available as env variables to ...
The docs don't explicitly say the contents of variable groups ARE / ARE NOT added as environment variables, but docs on variables (both...
Read more >Environment variables and secrets - Expo Documentation
The following environment variables are exposed to each build job — they are not set when evaluating app.config.js locally:.
Read more >Clarification on Environment variables - Fly.io
I have added the secret keys successfully but when I deploy my deployment is failing. It is saying the keys do not exist....
Read more >Can someone please explain environmental variables work in ...
If I use GOCD_ACCESS_TOKEN in Notepad, it will fail, telling me I am not authenticated. ... Environment Variables in GoCD where you cannot...
Read more >Environment variables - Workers - Cloudflare Docs
Secrets are environment variables. The difference is secret values are not visible within Wrangler or dashboard interfaces after you define them ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@miraage I don’t believe this makes it clear that secrets will be exposed. It requires some deduction and reading. Here’s an example warning message:
I think this is an important distinction that should be immediately obvious when looking at the docs, especially for beginners. Unfortunately some misinformation is being spread online, so I think it’s safe to assume that people are not finding this clear.
What’s the downside of adding
NOT
?Sounds reasonable. Let’s get a PR going and we can get some feedback from the others in there. Thanks!