Open sam-xif opened 5 years ago
I saw this: https://security.stackexchange.com/questions/150808/how-secure-is-my-heroku-source-code
The post recommends creating config variables to pull in at runtime instead of hard-coding them into the code. That way our API keys are not sitting visible on the git.
I agree this is pretty important.
Essentially, how this would work is having everyone use a local process.env file that's blocked by .gitignore for local development, and Heroku has a configuration section for the variables as well. That way our info is safe.
This is not totally necessary, but it will prevent external users who can see the code from tampering with our Firebase instance.
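
The setup discussed in this thread, sketched as an added example that is not part of the thread or the project's code: config values come from the real environment (for instance Heroku config vars) with a git-ignored local file as the fallback, and startup fails by name when a value is missing. The variable names `FIREBASE_API_KEY` and `FIREBASE_PROJECT_ID`, the file name `.env`, and all function names are assumptions made for illustration.

```javascript
// Added example, not project code. Variable names below are assumptions.
const REQUIRED = ['FIREBASE_API_KEY', 'FIREBASE_PROJECT_ID'];

// Parse the text of a local env file: KEY=VALUE lines, '#' comments, optional quotes.
function parseEnvFile(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue; // not KEY=VALUE, skip
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    out[key] = value;
  }
  return out;
}

// Values from the real environment (e.g. Heroku config vars) win over the local file.
function loadConfig(processEnv, envFileText = '') {
  const merged = { ...parseEnvFile(envFileText), ...processEnv };
  const missing = REQUIRED.filter((k) => !merged[k]);
  if (missing.length) {
    // Report names only, never values, so secrets stay out of logs.
    throw new Error('Missing config variables: ' + missing.join(', '));
  }
  return Object.fromEntries(REQUIRED.map((k) => [k, merged[k]]));
}

// True if the .gitignore text has a line that ignores the given file name.
function isIgnored(gitignoreText, fileName) {
  return gitignoreText.split(/\r?\n/)
    .map((l) => l.trim())
    .some((l) => l === fileName || l === '/' + fileName);
}

// Constructed sample inputs (placeholder values, not real keys).
const SAMPLE_ENV_FILE =
  '# local only\nFIREBASE_API_KEY="local-placeholder"\nFIREBASE_PROJECT_ID=demo-project\n';
const SAMPLE_GITIGNORE = 'node_modules/\n.env\n';

console.log(loadConfig({}, SAMPLE_ENV_FILE));
console.log('.env ignored:', isIgnored(SAMPLE_GITIGNORE, '.env'));
```

In a real app the first argument would be `process.env` and the second the contents of the local file, read only if it exists.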