loading...

re: GitHub Actions: Hide And Set Angular Environment Variables VIEW POST

FULL DISCUSSION
 

Thanks once again David! I really like this approach, I just have a question: Why would you be interested in hidding this environment configs from a frontend application? Even if the code sources hide it, once your application is deployed is easy, I mean really easy, to find out this information.

 

Totally agree with you Sebastián.

I would say, maybe, that it makes these just a bit less obvious if not pushed in the repo. Exposed in it would be still a bit more clearer than being part of the bundle.

Furthermore doing so, you would also avoid having your configs being duplicated each time someone fork your repo.

Finally, worth to notice, GitHub automatically send emails to author in case a token is pushed in a public repo. I guess to prevent tokens being wrongly exposed.

But like I said, fully agree with you.

 

I get your point. It's similar to the job done by obfustacing your production code. Maybe having a little warning at the top of the article about this not being a full security measure could be helpful for, mostly newbie, readers.

Good point 👍 I have added a note in the concept chapter about it.

Thank you for your feedback 🙏

Code of Conduct Report abuse