Correction: Do NOT hide your secrets in the root outline
Nov 3, 2021
1 min read
Correction 13 November: you should not use this for real secrets, since the root outline is not really hidden or secure. But for global variables that you don't mind having exposed it should be OK. Caveat emptor!
My video demo yesterday revealed the URL of my Netlify build hook for all to see. It's now been changed, but I need not have revealed. Drummer has a root outline where global variables can be defined.
So in the root outIine I can create an env
object, and define an entry for netlifyBuildHook
for the URL. (You have to use proper JavaScript object syntax, with brackets, colons and quotes.)
The xhr.open line of my build script can then be xhr.open("POST", root.env.netlifyBuildHook, true);
without revealing the actual URL.