Skip to content

chore(docs): update readme #115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 14, 2024
Merged

chore(docs): update readme #115

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ecdebb7
chore(docs): update readme
java-james Oct 14, 2024
2f9fa41
chore(docs): update readme
java-james Oct 14, 2024
02a7b4b
chore(docs): update readme
java-james Oct 14, 2024
86d34d6
chore(docs): update readme
java-james Oct 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 26 additions & 1 deletion README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,12 @@ This library parses that file and merges its values with the built-in

[docs-io]: https://api.dartlang.org/apidocs/channels/stable/dartdoc-viewer/dart:io.Platform#id_environment

# Security Considerations

Sensitive keys like API keys and tokens should not be stored in your Flutter app. They can be extracted even if obfuscated. This libary currently does not obfuscate variables as it may lull the consumers into a false sense of security. Use environment variables on the frontend application for non-sensitive configuration values, such as API endpoints and feature flags.

For more details on mobile app security best practices, refer to the [OWASP Mobile Security Project.](https://owasp.org/www-project-mobile-top-10/)

# Usage

1. Create a `.env` file in the root of your project with the example content:
Expand Down Expand Up @@ -108,6 +114,20 @@ Optionally you could map `env` after load to a config model to access a config w

Refer to the `test/dotenv_test.dart` file for a better idea of the behaviour of the `.env` parser.


## Get with typing

It's a common pattern to get an env variable then parse it as a type. You can get variables that are already typed by using the following functions:

```dart
// someBool is a bool
final someBool = dotenv.getBool('VAR_NAME', fallback: true);
// someDouble is a double
final someDouble = dotenv.getDouble('VAR_NAME', fallback: .3);
// someInt is an int
final someInt = dotenv.getInt('VAR_NAME', fallback: 42);
```

## Referencing

You can reference variables defined above other within `.env`:
Expand Down Expand Up @@ -172,7 +192,6 @@ Future<void> main() async {
}
```


## Usage with Platform Environment

The Platform.environment map can be merged into the env:
Expand All @@ -189,6 +208,12 @@ Like other merged entries described above, `.env` entries can reference these me
CLIENT_URL=https://$CLIENT_ID.dev.domain.com
```

# Security Considerations

### Never store sensitive keys in the frontend:

Sensitive keys like API keys and tokens should not be stored in your Flutter app. They can be extracted even if obfuscated. This libary currently chooses not to ocfuscate the variables as it may lull the consumers into a false sense of security. Use environment variables for non-sensitive configuration values, such as API endpoints and feature flags.

# Discussion

Use the [issue tracker][tracker] for bug reports and feature requests.
Expand Down