Open ksiman14 opened 3 years ago
Hi Kelsey! I just wanted to add some notes on what would need to be completed if we wanted to use environment variables:
.env
file in the root directory of the project, and add that file to the .gitignore
.env
file, prepending the keys with REACT_APP_
Since the keys we are using are publicized in the build process and access to the Firebase store is guarded by a configuration in Google's Cloud Console, this would just be a good learning exercise since it is safe to keep these keys in the repository anyways.
But let's say that we did run into a situation where we accidentally exposed private keys in our repository, Github has a great guide on how to purge a file and its history so that the vulnerable code is no longer in the repo 🔥
Note: This issue should only be addressed if the rest of the issues have been resolved at the end of the project.
AC