Comment by Marco Alka on "How to use an environment variable in production?"

The short answer: yes, you do.

The platform where you deploy your application usually offers some kind of configuration page, which lets you define env variables. Please try to not commit them or save them to local project files. Keep them in a password manager or other encrypted source and configure them manually for the target platform, because if they are released once, malicious people can do much harm with them.

Unfortunately, every platform has a different way to configure them. For example, Zeit uses the CLI tool for configuration.

Since Electron usually is a desktop application, though, I recommend adding a server part, which keeps the secrets. Do not distribute secrets to users, because users are evil and cannot be trusted. They will be able to extract the secrets.

I am already aware of that part Marco Alka, I have defined an environment variable in the CI/CD configuration and when I test the production build of the application that time it doesn't work.

Yashu Mittal sorry to hear that I could not help. It is rather difficult to work with the minimal information given 😉

As for your problem, did you try to contact your platform's support, yet? They should be able to tell you how to fix the problem for their platform.

This is not a platform-specific problem it's a general electron based problem.

I want to define few API keys in the CI/CD configurations so that those APIs keys can be used in the application without hard-coding them directly.

Yashu Mittal that sounds like you are doing something wrong... Again, Electron applications are desktop apps, are you sure you want to put API keys in there?

Anyway, Electron apps are just NodeJS plus Chromium. They can use environment variables on your target platform easily.

What you write sounds as though you think that these keys are somehow baked into the app through a CI process. That's not how CI works. CI takes your code, builds the application and then deploys it to a target platform - all of that automatically on code changes. You have to define the keys on the target platform to be use-able by your program. If you want to use configuration parameters which you can roll out without hard-coding them, though, then you probably really should use a config file, which contains these parameters, instead.

I suggest you were right, I was thinking of CI that it would auto inject the API keys automatically 😂 into the application.

Search Hashnode