Move API key and resource base URL into vite config, in preparation f…

acteng / atip

Active Travel Infrastructure Platform

https://acteng.github.io/atip/

Apache License 2.0

22 stars 4 forks source link

Move API key and resource base URL into vite config, in preparation f… #331

Closed dabreegster closed 1 year ago

dabreegster commented 1 year ago

…or #257

This uses https://vitejs.dev/guide/env-and-mode.html, and has no behavioral change. It's just a simple change that can be done independently of the rest of the GCP deployment work.

When we're ready, we can define a .env.prod file with a different resource base URL (the private GCS bucket).

Pete-Y-CS commented 1 year ago

Do we need to start using gitcrypt to store things like API keys? Still this change is orthogonal to that I think

dabreegster commented 1 year ago

Do we need to start using gitcrypt to store things like API keys?

No, because the API key shows up in what we serve. It's trivial to figure it out even if we obfuscated the JS sent to the client, because the browser will make requests using the key. https://documentation.maptiler.com/hc/en-us/articles/360020806037-How-to-protect-your-map-key describes how to protect the key -- setting up allowed domains. #59 tracks that; it hasn't been a problem yet.