bitewise-club / bitewise-app

Capital One SWE Summit Hackathon

Hide development account authentication for security #32

Open sam-xif opened 5 years ago

sam-xif commented 5 years ago

This is not totally necessary, but it will prevent external users who can see the code from tampering with our Firebase instance.

schoobydrew commented 5 years ago

I saw this: https://security.stackexchange.com/questions/150808/how-secure-is-my-heroku-source-code

The post recommends creating config variables to pull in at runtime instead of hard-coding them into the code; that way our API keys are not sitting visible on the git.

ghost commented 5 years ago

I agree this is pretty important.

Essentially, how this would work is having everyone use a local process.env file that's blocked by .gitignore for local development, and Heroku has a configuration section for the variables as well. That way our info is safe.
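
Added example, not part of the thread or of the bitewise-app code: one way to wire up the approach discussed above, where a git-ignored local file supplies values in development and the platform's config variables take precedence when present. The FIREBASE_* variable names, the file contents and the helper names are assumptions made for illustration.

```javascript
// Assumed mapping from Firebase config fields to environment variable names.
const REQUIRED = {
  apiKey: 'FIREBASE_API_KEY',
  authDomain: 'FIREBASE_AUTH_DOMAIN',
  databaseURL: 'FIREBASE_DATABASE_URL',
  projectId: 'FIREBASE_PROJECT_ID',
};

// Parse KEY=value lines from the text of a git-ignored local env file.
// Blank lines and # comments are skipped; matching surrounding quotes are stripped.
function parseEnvFile(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq <= 0) continue; // not a KEY=value line
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const quoted = value.match(/^(["'])(.*)\1$/);
    if (quoted) value = quoted[2];
    out[key] = value;
  }
  return out;
}

// Values already set in the real environment (for example Heroku config
// variables) win over values read from the local file.
function mergeEnv(realEnv, fileVars) {
  return { ...fileVars, ...realEnv };
}

// Build the config object, failing fast with the NAMES of missing variables.
// Values are never put in the error message, so they cannot leak into logs.
function loadFirebaseConfig(env) {
  const missing = Object.values(REQUIRED).filter((name) => !env[name]);
  if (missing.length > 0) {
    throw new Error('Missing config variables: ' + missing.join(', '));
  }
  const config = {};
  for (const [field, name] of Object.entries(REQUIRED)) config[field] = env[name];
  return config;
}

// Constructed sample of a local env file (placeholder values only).
const SAMPLE_ENV_FILE = [
  '# local development only, listed in .gitignore',
  'FIREBASE_API_KEY="local-placeholder-key"',
  'FIREBASE_AUTH_DOMAIN=example-dev.firebaseapp.com',
  'FIREBASE_DATABASE_URL=https://example-dev.firebaseio.com',
  'FIREBASE_PROJECT_ID=example-dev',
].join('\n');
```

At startup the app would call loadFirebaseConfig(mergeEnv(process.env, parseEnvFile(fileText))), with fileText read from the local file only when it exists.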