'Can environment variables in React be accessed from the client?

I know it's bad practice to have environment variables containing backend API keys on the client side (React). How insecure is this practice? These keys are injected during compile time on the client. Is it relatively easy to access these keys? Would someone be able access these keys via developer tools from client given that they know the environment variable names?

reactjssecurityenvironment-variables


Solution 1:[1]

Yes. You should never store API keys in react env. You can read how it is read and stored in build from here React Docs

WARNING: Do not store any secrets (such as private API keys) in your React app!

Environment variables are embedded into the build, meaning anyone can view them by inspecting your app's files.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Nishant Chorge

Related Questions

Secure cookies flag always getting lost in first session after resetting IIS

How to show or hide contents of an aspx page based on current user's roles

protect images on webpage from being copied/saved?

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Disable SSLHandshakeException for a single connection

SSL certificate error for IE users only

How to access HttpContext and Request in RequireAssersion?

Send Public key(generated as seckeyref in iPhone) to server(in Java)

The EXECUTE permission is denied on the user-defined table types?

cannot commit or push using egit (guess: issues with secure storage area)

Authorisation in microservices - how to approach domain object or entity level access control using ACL?

Adding nonce value to @Scripts.Render ASP.Net MVC razor pages with NWebSec

SSL Java java.io.IOException: Invalid keystore format

preventing abuse of API service usage

Protecting or Licensing a Django Application