My question is: who can actually access the files that are on a Heroku server? If I have some secret keys that I use as env variables, is it safer to store them in a file (I'm actually using the package dotenv, storing my keys in a .env file), or is it maybe better to store them in the Heroku env variables system?
CodePudding user response:
The good practice is to store them in the ConfigVars: they are separated from the code and are 'safe' in case someone gains access to the files of the application.
Locally it is OK to use .env (with the package dotenv), but the file is typically never pushed or stored with the application. If you are using dotenv, the application will read the Heroku environment variables instead.
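
The precedence described in the answer above, as an added example that is not part of the original answer and is not dotenv's own code: values already present in the environment (Heroku config vars) win, a local .env only fills in keys that are unset, and a missing secret fails startup by name without printing any value. The function names and sample values are hypothetical; the merge order mirrors dotenv's default of not overriding variables that are already set.

```javascript
// Added example: minimal stand-in for dotenv's default precedence (not dotenv's code).
// Parses KEY=VALUE lines; skips blanks and # comments, strips matching quotes.
function parseEnvFile(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq < 1) continue; // no key before '=' or no '=' at all
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const q = value[0];
    if (value.length >= 2 && (q === '"' || q === "'") && value.endsWith(q)) {
      value = value.slice(1, -1);
    }
    out[key] = value;
  }
  return out;
}

// env: the real environment (on Heroku, the config vars).
// envFileText: contents of a local .env, or null when no file is deployed.
function loadConfig(env, envFileText, required) {
  const fromFile = envFileText ? parseEnvFile(envFileText) : {};
  const merged = { ...fromFile, ...env }; // environment wins over the file
  const missing = required.filter((k) => !merged[k]);
  if (missing.length > 0) {
    // Report key names only, never values.
    throw new Error('Missing required config: ' + missing.join(', '));
  }
  const config = {};
  for (const k of required) config[k] = merged[k];
  return config;
}

// Safe to log: shows which keys are set without exposing the secrets.
function redact(config) {
  return Object.fromEntries(Object.keys(config).map((k) => [k, '***']));
}

// Constructed sample data: a local .env and a simulated Heroku environment.
const SAMPLE_DOTENV = '# local only\nAPI_KEY="local-dev-key"\nDB_URL=postgres://localhost/dev\n';
const SAMPLE_HEROKU_ENV = { API_KEY: 'configvar-key', DB_URL: 'postgres://prod.example/db' };
```

In an application, `loadConfig(process.env, null, [...])` is what runs on Heroku, since the .env file is never pushed there.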