There exists some drawback to this approach though: if you want to package your app in a docker container, that would mean you need your API_KEY at build time in the docker environment and this is a known vulnerability because you would store your API key in the docker layers and it could be accessed within the docker image.
I'm not saying your method is not a good idea (it is) but it shouldn't be so absolute either as it can backfire at you.
Not really right, because your application won't be run inside the docker until you run the image. You'd provide the environment variables with docker run command or with a docker-compose file. So there wouldn't be any problems during the build 🖖
There exists some drawback to this approach though: if you want to package your app in a docker container, that would mean you need your API_KEY at build time in the docker environment and this is a known vulnerability because you would store your API key in the docker layers and it could be accessed within the docker image.
I'm not saying your method is not a good idea (it is) but it shouldn't be so absolute either as it can backfire at you.
Not really right, because your application won't be run inside the docker until you run the image. You'd provide the environment variables with
docker run
command or with a docker-compose file. So there wouldn't be any problems during the build 🖖Yes, sorry, it will only happen if you run the
build
command when building your docker container.