Needs to be secure, but accessible from both client/server. Stuff like Initiative limit should be there, whether to run in debug or production mode (for mocking data).
We should only be using settings.json for service credential stuff, like Facebook App Id, secrets, AWS, etc.
How is Meteor.settings not secure? The only thing that is exposed to the client is anything inside the public key. Everything else is only available on the server?
Needs to be secure, but accessible from both client/server. Stuff like Initiative limit should be there, whether to run in debug or production mode (for mocking data).
We should only be using settings.json for service credential stuff, like Facebook App Id, secrets, AWS, etc.