My current codebase is a yarn workspace in which there are several packages including an expo app and a configuration package.
The configuration package is shared between the server and the mobile app and exports a file containing configuration keys: database URLs, API secrets, passwords, and more.
Of course, this package provides the configuration file based on the environment in which the app is run: in development, the configuration file for development is exported, in production, the one for production, which does not contain secret keys but only environment variables, is provided.
The development secret file is included in the .gitignore file, so it is not uploaded to the repository and is not included in the server build.
However, now I am wondering what happens during the expo build. Is the secret file excluded as it is contained in the .gitignore, or is it included in the build and could be recovered n some way through the apk?
If so, I wonder if there is a way to prevent this from happening.
Thanks in advance for your patience.