Open chadyj opened 2 years ago
How should we treat the projectId string in this case? We are currently exposing the dev projectId in code, which I don't know if it could expose a risk, but exposing a production projectId in the example code could add some risk. How sensitive is this data for the example App?
Answered in the SDK meeting:
Better to hide from source code.
On the Swift call today we discussed GitHub secrets, where we can set variables like the project ID to be used when running GitHub Actions.
Might be helpful? https://docs.github.com/en/actions/security-guides/encrypted-secrets#about-encrypted-secrets
The infra team is using GitHub Secrets for the API proxy integration tests.
Have separate sample apps for both dev and prod environments, with separate relayUrl and projectId as environment variables.
Just received a report of a dev trying to use our Swift SDK with "relay.dev.walletconnect.com" because it was in the example:
https://github.com/WalletConnect/WalletConnectSwiftV2/blob/5ea0265d34f18ec48d71fc299adacecdacc904bb/Example/DApp/ClientDelegate.swift#L17
It's not terrible, but we should have this default to the production server, with some override value that you can change for the testing environment.
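
The approach suggested in the comments above (project ID supplied from the environment, production relay as the default, an explicit override for testing), sketched as an added example that is not code from this thread or from the WalletConnect SDK. The names `RelayConfig`, `resolveRelayConfig`, `WC_PROJECT_ID` and `WC_RELAY_HOST` are hypothetical, and the production host is a placeholder because the thread does not name it.

```swift
import Foundation

// Hypothetical names: RelayConfig, WC_PROJECT_ID and WC_RELAY_HOST are
// illustrative and not part of the WalletConnect SDK.
struct RelayConfig: Equatable {
    let relayHost: String
    let projectId: String
}

enum RelayConfigError: Error, Equatable {
    case missingProjectId
    case invalidRelayHost(String)
}

// Placeholder: the thread does not name the production relay host.
let defaultProductionRelayHost = "relay.production.example"

func resolveRelayConfig(
    environment: [String: String] = ProcessInfo.processInfo.environment,
    defaultHost: String = defaultProductionRelayHost
) throws -> RelayConfig {
    // The project ID is never compiled in; it must come from the environment
    // (for example a CI secret exported as an environment variable).
    guard let projectId = environment["WC_PROJECT_ID"]?
            .trimmingCharacters(in: .whitespacesAndNewlines),
          !projectId.isEmpty else {
        throw RelayConfigError.missingProjectId
    }

    // Production is the default; a testing host has to be requested explicitly.
    let override = environment["WC_RELAY_HOST"]?
        .trimmingCharacters(in: .whitespacesAndNewlines) ?? ""
    let host = override.isEmpty ? defaultHost : override

    // Accept a bare hostname only, so a scheme, path or credentials
    // cannot ride along in the override value.
    let allowed = CharacterSet.alphanumerics.union(CharacterSet(charactersIn: ".-"))
    guard host.unicodeScalars.allSatisfy({ allowed.contains($0) }) else {
        throw RelayConfigError.invalidRelayHost(host)
    }
    return RelayConfig(relayHost: host, projectId: projectId)
}

// Constructed sample input: an environment with only the project ID set,
// so the resolved host falls back to the production placeholder.
let sample = ["WC_PROJECT_ID": "constructed-project-id"]
if let config = try? resolveRelayConfig(environment: sample) {
    print(config.relayHost)
}
```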