DEV Community


Discussion on: Environment files in React.js app

lyrod profile image

Hey! I fully understand. But this is what the article means.

"sensitive data mean any data you shouldn't share with any one such as api keys, secret-ids, firebase config keys,etc...."

The example use "API_KEY" env variable. But even env variable value will be use instead of process.env when your files are bundled.

console.log(process.env.MY_PRIVATE_ENV) will become console.log("the value of the variable at compile time") in the js file. Nothing change, private are still in your bundled files. You still "share" the api key.

Thread Thread
samirasaad profile image
samira saad Author

Hey Lyrod, I understand u.
env files don't fully isolate the private keys from the code

its job to reduce the percentage of reaching the private keys from your github code
but not fully private as u mentioned
i think we need some package to encrypt them or use them from the server in some how
if u found any way can do it plz share it with me
thank u so much for making it clear for me