Level 102
As long as they are the public keys it should be fine. As the name suggests, they are public. If there are any private keys that is another matter
1 like
Feb 20, 2025
2
Level 1
exposed token in app.js after build in lravel
Hi. i've noticed when i published my app to prod that the app.js have all my secert tokens.
for instance : the pusher key and so on. is there a way to hide it or its supposed to be like that. Thank you for your time
Level 80
@kfc Don’t put anything you don’t want users to see in client-side JavaScript.
If you’re mapping secret keys using something like VITE_SECRET_KEY="${SECRET_KEY}" then yes, those values will work their way into your client-side JavaScript and be exposed.
1 like
Please or to participate in this conversation.