question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[docs]: Clarify env variables are NOT "SECRET"

See original GitHub issue

The usage of REACT_APP_SECRET_CODE in Adding Custom Environment Variables is misleading given that there are no secrets in the front end.

Should I open a PR that changes all to REACT_APP_NOT_SECRET_CODE?

Also, should there be a warning box toward the top about being careful not to expose secrets?

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:2
  • Comments:10 (6 by maintainers)

github_iconTop GitHub Comments

5reactions
JBallincommented, Dec 2, 2018

@miraage I don’t believe this makes it clear that secrets will be exposed. It requires some deduction and reading. Here’s an example warning message:

Don’t store any secrets (such as API keys) in your React app as they’ll be included in the build (meaning they can be read by anyone looking at your script/html files in dev tools). Instead, you should send requests to a separate backend (which stores your secrets) and send back the response to your React app.

I think this is an important distinction that should be immediately obvious when looking at the docs, especially for beginners. Unfortunately some misinformation is being spread online, so I think it’s safe to assume that people are not finding this clear.

What’s the downside of adding NOT?

2reactions
ianschmitzcommented, Dec 2, 2018

Sounds reasonable. Let’s get a PR going and we can get some feedback from the others in there. Thanks!

Read more comments on GitHub >

github_iconTop Results From Across the Web

Secrets in variable group not available as env variables to ...
The docs don't explicitly say the contents of variable groups ARE / ARE NOT added as environment variables, but docs on variables (both...
Read more >
Environment variables and secrets - Expo Documentation
The following environment variables are exposed to each build job — they are not set when evaluating app.config.js locally:.
Read more >
Clarification on Environment variables - Fly.io
I have added the secret keys successfully but when I deploy my deployment is failing. It is saying the keys do not exist....
Read more >
Can someone please explain environmental variables work in ...
If I use GOCD_ACCESS_TOKEN in Notepad, it will fail, telling me I am not authenticated. ... Environment Variables in GoCD where you cannot...
Read more >
Environment variables - Workers - Cloudflare Docs
Secrets are environment variables. The difference is secret values are not visible within Wrangler or dashboard interfaces after you define them ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found