Question

secrets in constants when running locally

0

Hi. Our app queries a service secured with a password. When it’s deployed there’s no problem because we set the constant values using the cloud tools, but when we run it locally the password tends to leak to SVN because the default constant value is part of the project settings. I was hoping to alter constants using: - env var - project-settings.user.json but it seems it’s not supported. What to do?

asked 2021-12-20

ilya basin

3 answers

1

Only two options are available at this moment: You can either directly set the constant value or use project settings to set the value.

answered 2021-12-20

Nirmalkumar Thandavamoorthy

1

The assumption seems to be that when running from your local machine, you use credentials that are shared by the team. That means they can be saved in SVN. Would that option work for you?

answered 2021-12-20

Joost Verhoog

Rene van Hofwegen · Accepted Answer · 2021-12-20

My approach is to never use constants for passwords.

I do use the encryption module from the marketplace to encrypt/decrypt stored passwords in the database.

Which is NOT part of your model repository SVN/GIT