Hi @maidos, @Chilace has a valid point; any package running in the Node.JS process (as all of your npm packages do) will have access to anything the Node process can access, including your hidden config.json file - “hiding” it only hides from the file list and the git repo; not from Node.
There’s extra infrastructure around the .env that gives it special meaning in Glitch, among which is the fact that its contents are:
- visible to the editor (including to collaborators)
- hidden from git / Rewind
- only keys are copied on remix; not values
All in all, .env is the most Glitch-y (and most correct, in the context of Glitch) place to store your secrets. I’m afraid there is no workaround to the behavior that hides .gitignored files from the editor, and we have no specific plans to change that.