Exclude some environment variable from the published page
Our build configuration uses a GITHUB_TOKEN that is declared as a Environment variable with a secret value on page build config. Everything works fine but this variable finds itself being published as part of the code public website. Because it is used to access a private github npm registry I cant use a fine-grained token, it has to be a classic one. GTherefore it has read access to many repo and can't be restricted. I'd rather avoid having this token exposed. What are my options? can I remove this particular env var from the final binaries?
0 Replies