I upload to github without api-key(key is in .env and ignored.)
When i deploy site, how can i set api-key in netlify?
Related
The project's local development environment makes it mandatory to have a .npmrc file with the following content:
registry=https://registry.npmjs.org/
#my-organization:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=your-GitHub-token-should-be-here-and-I-will-not-share-my-for-security-reasons
Hence, any client properly authenticated into the GitHub Packages
Registry can install our private NPM packages hosted for free on GitHub Registry by running:
npm ci #my-organization/our-package
Ok, it works on my local development environment.
Now, I am building a Continuous Integration process with GitHub Actions which is a different but similar challenge. I have this on my .yaml file:
- name: Create .npmrc for token authentication
uses: healthplace/npmrc-registry-login-action#v1.0
with:
scope: '#my-organization'
registry: 'https://npm.pkg.github.com'
# Every user has a GitHub Personal Access Token (PAT) to
# access NPM private repos. The build of GitHub Actions is
# symmetrical to what every developer on the project has to
# face to build the application on their local development
# environment. Hence, GitHub Actions also needs a Token! But,
# it is NOT SAFE to insert the text of a real token on this
# yml file. Thus, the institutional workaround is to insert
# the `{{secret}}` below which is aligned/set in the project
# settings on GitHub!
auth-token: ${{secrets.my_repo_secret_key_which_is_not_being_shared}}
On GitHub settings->secrets->actions->"add secret":
On the secret value, I added my Personal Access Token. The same I have on my .npmrc file. It works for npm i.
Nobody can see the secret value on GitHub. Not even me, the person who added it and the admin. The value can only be updated or removed.
This feels "good enough" for security, but still, it does not feel like best practice. I believe it would be better to have a "new working" token detached from any personal token being used by a developer who is working on the project.
Is it possible to generate and insert a value of GitHub Personal Access Token which is unrelated to the Personal Access Token of people working on the project?
If yes, how to do it?
you should use GITHUB_TOKEN insted of PAT(personal access token)
i am new to AWS, i deployed a MERN application in it as follows:
front end on S3 bucket with web hosting enabled;
backend (node, express and graphql) on an ELB;
these two apps are put behind a cloudfront distribution as origins.
the app works fine but a cookie that i am setting is not received by the browser:
the other thing that is bothering me is that the access-control-allow-origin header is set to * although i have the cors policy set in my app to my particular domain.
the cookies are set in development but once i push the code to the server it does not work.
any help is much appreciated.
I made it work but i am not sure what i exactly did. the thing here is that cloud front doesn't not forward the set-cookie if you don't tell it to do so.
I just needed to update the Cache key and origin requests options that you find when you try to update a behavior like this :
I am trying to authenticate to a server from my React-Native app using Azure AD.
Now, I don't understand what is a redirect URI and I don't understand where should I put my server's URL in Azure and what URL should I call from my React-Native app.
Documentation for it is quite confusing.
I don't understand what is a redirect URI
For React-Native app, the redirect_url is optional. Refer to this document for more details.
An url that ADLoginView will be redirect when login success, this property is optional.
I don't understand where should I put my server's URL in Azure and
what URL should I call from my React-Native app.
You needn't put your server's url in Azure.But you need to add authentication to your server. Then you can call your server api as normal, but with the Authorization header. This sample will help you to understand better though it is using aspnetcore.
You need to create register two applications in Azure portal. Client app and server app. You will get the access token via your native app and then use it to access your server app.
i've implemented Google Spreadsheets API in an nodejs server, on localhost first time it asked to go to some specific url and copy token, i did this and everything was fine.
But on PROD, i see that it asks for the same thing, but i can't do that for PROD server ( i mean that i can't open console like on local machine and insert that code generated by google ).
So, what can i do? How can i make it works for PROD server.
P.S i've already tried with API keys, but it expects OAuth 2 access token.
I'm not sure what you mean. Could you post some code?
Generally when using the Google SDK in Node, you have the standard developer token, and you get a user access token from the user's Google account - whether that's you or anyone else. You can set those in your environment such as a .env file or in your app's settings on something like Heroku. There's no need for a console.
I'm implementing google's reCAPTCHA in my form. Google provides site key and secret key that I need for verification. Since my codes are in github's repository, I don't want sensitive information to be lying around. So, I created environment variables for the keys. However, the form doesn't seem to validate with environment variables.
I'm using nodejs express framework. My site is hosted on openshift.
File: https://github.com/thethakuri/tenders/blob/master/routes/routes.js
Website: http://tenders.rudra.com.np/signup
Nevermind. Hot deployment was enabled in the Openshift platform. All I had to do was restart the app.