I'm new to angular, so right now I have created an Angular SPA, which takes GitHub username and displays some profile and repos info
For this, I need to pass my Personal Access Token in Headers while calling Github REST API's
Currently, I have hardcoded the token in my service file, but is there any other way to avoid hardcoding such tokens directly in the app? Something similar to .env files in react?
CodePudding user response:
Angular has environment files too. A project's src/environments/ folder contains the base configuration file, environment.ts, which provides a default environment.
You could declare environment variables, like a access token in there. Those are unreachable for the users using the application, though other developers who have access to your project code will still be able to see them. https://www.digitalocean.com/community/tutorials/angular-environment-variables
Next step up from here would be to use secrets as they were ment to: https://docs.github.com/en/actions/security-guides/encrypted-secrets