stellar / soroban-example-dapp

End-to-End Example Soroban Dapp
Apache License 2.0

Why is this secret public? #41

Closed willemneal closed 1 year ago

willemneal commented 1 year ago

https://github.com/stellar/soroban-example-dapp/blob/cb63b93b0eb79a797cd497942816379f7a3792ef/shared/constants.tsx#L3

leighmcculloch commented 1 year ago

I believe it is hardcoded for the mint operation that the UI can perform. The admin key is the only key that can be used to mint tokens for the example contract. I think it was included here out of convenience for that. We could have the value supplied through an env variable though, and generated by the user.

cc @paulbellamy

paulbellamy commented 1 year ago

Yes, for production apps this should not be public, but for a demo it is hardcoded here.

@leighmcculloch good suggestion, we should generate and env-var it.

paulbellamy commented 1 year ago

This has been fixed, and now soroban-cli generates a key.
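
The change suggested in this thread (read the admin key from an environment variable instead of a literal in `shared/constants.tsx`), as an added example that is not code from the repository or its maintainers. The variable name `TOKEN_ADMIN_SECRET` and all function names are assumptions; the format check follows Stellar's StrKey encoding for secret seeds, and the sample seed is constructed.

```javascript
// Added example (not from soroban-example-dapp). ADMIN_SECRET_ENV is a hypothetical name.
const ADMIN_SECRET_ENV = "TOKEN_ADMIN_SECRET";
const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
const SEED_VERSION = 18 << 3; // StrKey version byte of an ed25519 secret seed ("S...")

// CRC16-XModem (poly 0x1021, init 0); StrKey appends it little-endian.
function crc16(bytes) {
  let crc = 0;
  for (const b of bytes) {
    crc ^= b << 8;
    for (let i = 0; i < 8; i++) crc = (crc & 0x8000 ? (crc << 1) ^ 0x1021 : crc << 1) & 0xffff;
  }
  return crc;
}

// Encode version byte + 32-byte seed + checksum; used here only to build sample input.
function encodeSeed(raw32) {
  const body = [SEED_VERSION, ...raw32];
  const c = crc16(body);
  let bits = 0, acc = 0, out = "";
  for (const b of [...body, c & 0xff, c >> 8]) {
    acc = (acc << 8) | b; bits += 8;
    while (bits >= 5) { bits -= 5; out += B32[(acc >>> bits) & 31]; acc &= (1 << bits) - 1; }
  }
  return out; // 35 bytes = 280 bits = exactly 56 characters, no padding
}

// True only for a well-formed secret seed: 56 base32 chars, right version, valid checksum.
function isSecretSeed(text) {
  if (typeof text !== "string" || !/^S[A-Z2-7]{55}$/.test(text)) return false;
  const bytes = [];
  let bits = 0, acc = 0;
  for (const ch of text) {
    acc = (acc << 5) | B32.indexOf(ch); bits += 5;
    if (bits >= 8) { bits -= 8; bytes.push((acc >>> bits) & 0xff); acc &= (1 << bits) - 1; }
  }
  return bytes[0] === SEED_VERSION && crc16(bytes.slice(0, 33)) === (bytes[33] | (bytes[34] << 8));
}

// Fail closed: no fallback literal, and the value never appears in an error message.
function loadAdminSecret(env) {
  const value = env[ADMIN_SECRET_ENV];
  if (!value) throw new Error(`${ADMIN_SECRET_ENV} is not set; generate a key and export it`);
  if (!isSecretSeed(value)) throw new Error(`${ADMIN_SECRET_ENV} is not a valid secret seed`);
  return value;
}

// Constructed sample: an all-zero seed, for demonstration only.
const SAMPLE = encodeSeed(new Array(32).fill(0));
```

Call `loadAdminSecret(process.env)` once at startup so a missing or malformed key stops the app before any mint is attempted.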