feat: document secret handling in dioxus fullstack #496
Conversation
| } | ||
| ``` | ||
|
|
||
| This method ensures that the required values are available in the client application without exposing sensitive information at runtime. |
There was a problem hiding this comment.
To me this reads like you can sometimes include API keys on the client side which is true, but only if you have some other way to protect the API. You either need to restrict the API key in some other way or expose the functionality through your server with something like a server function. You should never include a normal API key on the client side at compile time. Some APIs, like Google Maps let you restrict an API to a specific domain: https://developers.google.com/maps/documentation/javascript/get-api-key#restrict_key
| 1. **Load the `.env` file in your server entry point**: Use the [`dotenv`](https://docs.rs/dotenv) crate to load the environment variables. In your `main` entry point: | ||
|
|
||
| ```rust | ||
| use dotenv::dotenv; |
There was a problem hiding this comment.
dotenv isn't maintained anymore. Can we use std::env::var directly or an alternative library?
There was a problem hiding this comment.
Good catch! But at least it works with the latest rustc version, which is somewhat surprising since it has been abandoned for a very long time. I will update the docs to mention alternatives for loading all environment variables at once using a different crate.
2 participants
Fixes #152