WalletConnect / walletconnect-specs

WalletConnect Specifications
https://walletconnect-specs.vercel.app
MIT License

[specs] Support "dev" environment for sample apps #151

Open chadyj opened 2 years ago

chadyj commented 2 years ago

Just received a report of a dev trying to use our Swift SDK with "relay.dev.walletconnect.com" because it was in the example

https://github.com/WalletConnect/WalletConnectSwiftV2/blob/5ea0265d34f18ec48d71fc299adacecdacc904bb/Example/DApp/ClientDelegate.swift#L17

It's not terrible, but we should have this default to the production server, with some override value that you can change for a testing environment

sekimondre commented 2 years ago

How should we treat the projectId string in this case? We are currently exposing the dev projectId in code, which I don't know if it could expose a risk, but exposing a production projectId in the example code could add some risk. How sensitive is this data for the example App?

chadyj commented 2 years ago

> How should we treat the projectId string in this case? We are currently exposing the dev projectId in code, which I don't know if it could expose a risk, but exposing a production projectId in the example code could add some risk. How sensitive is this data for the example App?

Answered in the SDK meeting:

Better to hide from source code.

chadyj commented 2 years ago

On the Swift call today we discussed GitHub secrets, where we can set variables like project ID to be run with GitHub Actions.

Might be helpful? https://docs.github.com/en/actions/security-guides/encrypted-secrets#about-encrypted-secrets

The infra team is using GitHub Secrets for the API proxy integration tests.

pedrouid commented 2 years ago

Have separate sample apps for both dev and prod environments with separate relayUrl and projectId as environment variables
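
One way to wire up what the thread converges on, as an added example that is not code from the WalletConnect repositories: default to the production relay, switch to dev only on an explicit setting, take the project ID from the environment (for example a GitHub Actions secret), and flag sample sources that still hard-code the dev relay host. The variable names `WC_ENV` and `WC_PROJECT_ID` and the production host `relay.walletconnect.com` are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example: resolve sample-app settings from the environment.
# WC_ENV and WC_PROJECT_ID are hypothetical variable names.

PROD_RELAY_HOST="relay.walletconnect.com"     # assumed production host
DEV_RELAY_HOST="relay.dev.walletconnect.com"  # dev host named in the issue

# Print the relay host: production unless dev is requested explicitly.
resolve_relay_host() {
  case "${WC_ENV:-prod}" in
    prod) printf '%s\n' "$PROD_RELAY_HOST" ;;
    dev)  printf '%s\n' "$DEV_RELAY_HOST" ;;
    *)    echo "unknown WC_ENV: $WC_ENV" >&2; return 1 ;;
  esac
}

# Print the project ID from the environment; never fall back to a literal.
require_project_id() {
  if [ -z "${WC_PROJECT_ID:-}" ]; then
    echo "WC_PROJECT_ID is not set (inject it from a CI secret)" >&2
    return 1
  fi
  printf '%s\n' "$WC_PROJECT_ID"
}

# List Swift files under directory $1 that still hard-code the dev relay host.
find_hardcoded_dev_relay() {
  grep -rlF --include='*.swift' "$DEV_RELAY_HOST" "$1" 2>/dev/null | sort
}

# Demo on a constructed sample tree (not real project files).
demo_dir=$(mktemp -d)
printf 'let host = "relay.dev.walletconnect.com"\n' > "$demo_dir/ClientDelegate.swift"
printf 'let host = Config.relayHost\n' > "$demo_dir/Config.swift"
echo "relay host: $(resolve_relay_host)"
echo "hard-coded dev relay in: $(find_hardcoded_dev_relay "$demo_dir")"
rm -rf "$demo_dir"
```

In a GitHub Actions job the project ID would reach the script through the step's `env:` mapping from a repository secret, so it never appears in the sample app's source.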