Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Customize sinkbinding env variable name #7872

Open
Leo6Leo opened this issue Apr 25, 2024 · 4 comments
Open

Customize sinkbinding env variable name #7872

Leo6Leo opened this issue Apr 25, 2024 · 4 comments
Labels
kind/feature-request

Comments

@Leo6Leo
Copy link
Member

Leo6Leo commented Apr 25, 2024

Problem
Currently, when using SinkBinding in Knative Eventing, the names of the environment variables are defaulted to:

  • K_SINK: The URL of the resolved sink.
  • K_CE_OVERRIDES: A JSON object specifying overrides to the outbound event.

However, modern frameworks like React.js and Next.js require environment variables to have specific prefixes for security considerations:

  • React.js requires the prefix REACT_APP_* for the framework to read the environment variable.
  • Next.js needs the prefix NEXT_PUBLIC_* for similar accessibility.

Allowing users to customize the names of SinkBinding environment variables would greatly simplify application development. This enhancement would enable developers to integrate Knative Eventing seamlessly with these frameworks, adhering to their security protocols and reducing setup complexity.

Persona:
Which persona is this feature for?

Exit Criteria
A measurable (binary) test that would indicate that the problem has been resolved.

Time Estimate (optional):
How many developer-days do you think this may take to resolve?

Additional context (optional)
Add any other context about the feature request here.
@Leo6Leo
Copy link
Member Author

Leo6Leo commented Apr 25, 2024

cc @creydr @Cali0707 @pierDipi

@Cali0707
Copy link
Member

I like this idea, maybe we can provide a .spec.sinkEnvVar and a .spec.ceOverridesEnvVar field, where users can specify the name of the env vars for the sinkbinding.

@pierDipi
Copy link
Member

However, modern frameworks like React.js and Next.js require environment variables to have specific prefixes for security considerations:

what are these security considerations ? Any resource I can read ?

@Cali0707
Copy link
Member

@pierDipi :

Note: You must create custom environment variables beginning with REACT_APP_. Any other variables except NODE_ENV will be ignored to avoid accidentally exposing a private key on the machine that could have the same name. Changing any environment variables will require you to restart the development server if it is running.

source

I think the main concern is that env variables are embedded into the html/js/css which becomes public

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature-request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pierDipi @Leo6Leo @Cali0707