if i have a variable VUE_APP_MY_SECRET in .env file, then when i deploy vue-cli app, can user read process.env.VUE_APP_MY_SECRET from chrome browser console by running process.env.VUE_APP_MY_SECRET from console? how to protect this value from user ?
My name is Pascal Lamers, I am 30 years old and I am from Austria - and still live in Austria. Approx. 4 years ago I started to activley learn code and it was one of the best decisions of my life !
You shouldn't include any secrets in your frontend/clientside code. From the official docs:
"WARNING
Do not store any secrets (such as private API keys) in your app! Environment variables are embedded into the build, meaning anyone can view them by inspecting your app's files."
During the build process all environment variables will simply be swapped with plain text. So in frontend only use env variables for non-secrets.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
if i have a variable VUE_APP_MY_SECRET in .env file, then when i deploy vue-cli app, can user read process.env.VUE_APP_MY_SECRET from chrome browser console by running process.env.VUE_APP_MY_SECRET from console? how to protect this value from user ?
You shouldn't include any secrets in your frontend/clientside code. From the official docs:
"WARNING
Do not store any secrets (such as private API keys) in your app! Environment variables are embedded into the build, meaning anyone can view them by inspecting your app's files."
During the build process all environment variables will simply be swapped with plain text. So in frontend only use env variables for non-secrets.