DEV Community

loading...

Discussion on: Environment files in React.js app

Collapse
lyrod profile image
Lyrod

This does not change anything, private key is still in bundled js files. There is no right solution I know

Collapse
samirasaad profile image
samira saad Author • Edited

Hello Lyrod,

plz make sure that
1- you did add the env files in git-ignore file
2- re-start your project serve

Collapse
lyrod profile image
Lyrod

Hey! I fully understand. But this is what the article means.

"sensitive data mean any data you shouldn't share with any one such as api keys, secret-ids, firebase config keys,etc...."

The example use "API_KEY" env variable. But even env variable value will be use instead of process.env when your files are bundled.

console.log(process.env.MY_PRIVATE_ENV) will become console.log("the value of the variable at compile time") in the js file. Nothing change, private are still in your bundled files. You still "share" the api key.

Thread Thread
samirasaad profile image
samira saad Author

Hey Lyrod, I understand u.
env files don't fully isolate the private keys from the code

its job to reduce the percentage of reaching the private keys from your github code
but not fully private as u mentioned
i think we need some package to encrypt them or use them from the server in some how
if u found any way can do it plz share it with me
thank u so much for making it clear for me