walletconnect-docs icon indicating copy to clipboard operation
walletconnect-docs copied to clipboard
verified publisher icon WalletConnect

[specs] Support "dev" environment for sample apps

Open chadyj opened this issue 3 years ago • 4 comments

just received report of a dev trying to use our Swift SDK with the "relay.dev.walletconnect.com" because it was on the example

https://github.com/WalletConnect/WalletConnectSwiftV2/blob/5ea0265d34f18ec48d71fc299adacecdacc904bb/Example/DApp/ClientDelegate.swift#L17

it's not terrible but we should have this default to the production server with some override value that you can change for testing environment

Status

Updated in:

  • [ ] JS
  • [ ] Swift
  • [ ] Kotlin

chadyj avatar Feb 28 '22 11:02 chadyj

How should we treat the projectId string in this case? We are currently exposing the dev projectId in code, which I don't know if it could expose a risk, but exposing a production projectId in the example code could add some risk. How sensitive is this data for the example App?

dukevantreta avatar Mar 14 '22 14:03 dukevantreta

How should we treat the projectId string in this case? We are currently exposing the dev projectId in code, which I don't know if it could expose a risk, but exposing a production projectId in the example code could add some risk. How sensitive is this data for the example App?

Answered in the SDK meeting:

Better to hide from source code.

chadyj avatar Apr 04 '22 13:04 chadyj

On the Swift call today we discussed Github secrets where we can set variables like project ID to be run with github actions.

Might be helpful? https://docs.github.com/en/actions/security-guides/encrypted-secrets#about-encrypted-secrets

The infra team is using Github Secrets for the api proxy integration tests.

chadyj avatar May 04 '22 07:05 chadyj

Have separate sample apps for both dev and prod environments with separate relayUrl and projectId as environment variables

pedrouid avatar Jun 27 '22 13:06 pedrouid