kimwoodfield / workout-tracker-api

An API written in Express.js for the workout-tracker web app. Makes calls to a MySQL database.

Secrets should not be in code #1

Closed elhedran closed 3 years ago

elhedran commented 3 years ago

https://github.com/kimwoodfield/workout-tracker-api/blob/ceaa0252614320019946807f8fb1ffaff5c81a61/server/server.js#L25

I know this is just a personal app, but figured I'd do a bit of a review anyway.

Secrets should not be encoded into source code - pull from a config file or environment variable set up on deploy - even for personal projects a good habit to get into.

kimwoodfield commented 3 years ago

Hi @elhedran

Thank you for the lesson!

I've updated the secret key to now pull from an environment variable instead of displaying it publicly.

Really appreciate the advice.
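A config loader in the spirit of that fix, as an added example that is not the project's own code: it reads the session secret and MySQL settings from environment variables, refuses to start when any are missing or the secret is a short placeholder, and redacts them before they reach a log line. The variable names (SESSION_SECRET, DB_*) and the minimum length are assumptions.

```javascript
'use strict';

// Added example, not from the workout-tracker-api repository.
// Every key listed here must be present and non-empty in the environment
// (set on deploy, or via a .env file that is NOT committed to git).
const REQUIRED = ['SESSION_SECRET', 'DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME'];

// Reject obviously weak placeholders such as "changeme" so they cannot
// silently ship; 32 characters is an assumed floor, not a project setting.
const MIN_SECRET_LENGTH = 32;

// Build the app configuration from `env` (defaults to process.env; a plain
// object is accepted so the loader can be tested without touching the shell).
function loadConfig(env = process.env) {
  const missing = REQUIRED.filter((key) => typeof env[key] !== 'string' || env[key].trim() === '');
  if (missing.length > 0) {
    // Fail fast at startup rather than at the first request that needs the value.
    throw new Error(`Missing required environment variables: ${missing.join(', ')}`);
  }
  if (env.SESSION_SECRET.length < MIN_SECRET_LENGTH) {
    throw new Error(`SESSION_SECRET must be at least ${MIN_SECRET_LENGTH} characters`);
  }
  return {
    secret: env.SESSION_SECRET,
    db: {
      host: env.DB_HOST,
      user: env.DB_USER,
      password: env.DB_PASSWORD,
      database: env.DB_NAME,
    },
  };
}

// Return a copy safe to print at startup: the values that matter for
// debugging stay, the secret and DB password are masked.
function redact(config) {
  return {
    secret: '[redacted]',
    db: { ...config.db, password: '[redacted]' },
  };
}

module.exports = { loadConfig, redact, REQUIRED, MIN_SECRET_LENGTH };
```

In server.js the call becomes `const config = loadConfig();` before the MySQL pool and session middleware are created, and `console.log(redact(config))` is the only form in which the configuration is ever logged.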