Closed dabreegster closed 1 year ago
Do we need to start using gitcrypt to store things like API keys? Still this change is orthogonal to that I think
Do we need to start using gitcrypt to store things like API keys?
No, because the API key shows up in what we serve. It's trivial to figure it out even if we obfuscated the JS sent to the client, because the browser will make requests using the key. https://documentation.maptiler.com/hc/en-us/articles/360020806037-How-to-protect-your-map-key describes how to protect the key -- setting up allowed domains. #59 tracks that; it hasn't been a problem yet.
…or #257
This uses https://vitejs.dev/guide/env-and-mode.html, and has no behavioral change. It's just a simple change that can be done independently of the rest of the GCP deployment work.
When we're ready, we can define a
.env.prod
file with a different resource base URL (the private GCS bucket).