Are Forge environment variables exposed to the users of the application? (i.e. is it safe to have an API key to an external API inside environment variables?)

This is probably obvious, and I assume the answer is no, but since this is such an important thing from a security perspective, I thought I'd make sure.

My app will be contacting an external API. For users I can handle this with OAuth, but for scheduled tasks I’m forced to store an API key somewhere and send requests that way. If I add an encrypted environment variable to my app and have secret information like an API key there, can people who use or install the app from the Atlassian store access that API key, or is it secure so only the Forge backend and myself are able to see it?

Hey Erik,

Yep :+1: encrypted environment variables and storage.setSecret are the recommended ways to store secrets or credentials in your app.

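An added sketch, not part of the original thread and not Atlassian's code, of how a scheduled-task handler could consume a key stored either way while keeping it out of return values and logs. Dependencies are injected so it runs offline; the names `EXTERNAL_API_KEY` and `external-api-key` and the URL are assumptions.

```javascript
// In a real Forge app the injected dependencies would be:
//   env         -> process.env (variable set with `forge variables set --encrypt`)
//   secretStore -> `storage` from '@forge/api' (setSecret / getSecret)
//   httpFetch   -> `fetch` from '@forge/api'
// EXTERNAL_API_KEY, 'external-api-key' and API_URL are hypothetical names.
const API_URL = 'https://api.example.com/v1/sync'; // placeholder endpoint

// Look in the secret store first, then fall back to the environment variable.
async function resolveApiKey({ env, secretStore }) {
  const stored = await secretStore.getSecret('external-api-key');
  const key = stored || env.EXTERNAL_API_KEY;
  if (!key) throw new Error('API key is not configured');
  return key;
}

// Strip every occurrence of the secret from text headed for logs.
function redact(text, secret) {
  return secret ? String(text).split(secret).join('[REDACTED]') : String(text);
}

// Body of the scheduled-task handler. The key is used only for the outbound
// request; the returned object carries status information and nothing else.
async function runScheduledSync({ env, secretStore, httpFetch, log }) {
  const key = await resolveApiKey({ env, secretStore });
  try {
    const res = await httpFetch(API_URL, {
      headers: { Authorization: `Bearer ${key}` },
    });
    return { ok: res.ok, status: res.status };
  } catch (err) {
    // Error messages can echo request details, so redact before logging.
    log(redact(err.message, key));
    return { ok: false, status: 0 };
  }
}
```
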