Glitch’s .env is divulging secrets, but only when remixing, despite this explicit mention that it clears out the secrets upon remix:
Only invited collaborators are able to see the contents of your .env file. So anonymous viewers or logged-in users who haven’t been invited to your project can’t see them. When remixing an app the values are cleared so they’re not copied across.
They are not visible in the root project anonymously: Glitch :・゚✧
This is concerning, as we just sent out an email campaign driving developers to our Glitch example. Is this a bug in Glitch, or have we done something improperly resulting in this?
Glitch @Glitch_Response contacted me directly and found a resolution for me. For whatever reason, the 2nd line: REACT_APP_NAME=thing caused the problem, and removing it fixed it. I don’t have clarity on why, but perhaps Glitch can give us a retro once they fix it to regain some trust in the secrets functionality.