This is not really a question, but I’m wondering what is the best approach to keep your passwords/ api keys safe while working on expo app?
I’ve currently pushed one JSON to github repo that contains sensitive data (google oauth client ids, android api keys), and i use this to repo build standalone apps. I’d like to delete this file (and its git history log) from github for obvious security reasons and wanted to know what is the recommended approach here to ‘save’ and ‘use’ this sensitive info using Expo.
For example, heroku recommends to set config variables
It’s a bit hard to make generalizations for this, it depends on is your repo open or private, do you have to share the information with your collaborators or not.
However, secrets do not belong in the repo (that’s why they are called secrets). You can add them to the repo locally and include them in the .gitignore file. Also, https://www.npmjs.com/package/check-for-leaks can help with that.
The definition of what is secret then is up to you.