I have two Forge apps where I need to access another API and have to authenticate via bearer token. Right now the bearer token is plain text in the code and therefore in our Git repository.
I feel uneasy about having this token plain text in my code. Is there a way I can have it elsewhere and only add it while deploying?
In other languages I would put it into a separate config file, which I have on gitignore so it doesn't get checked in by accident, and only locally have the real token.
Is there a way for this or something similar in Forge?
As long as the bearer token is appropriately a system token (for all users of the app), then the environment variable option fits. For example, with client_credentials for the app itself.
On the other hand, if you need per-tenant or per-user secrets, then you would want the Forge secure storage feature just announced here:
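An added example (not part of the original posts, and not Atlassian's code) of the environment-variable option from the answer above: the token is set per environment with `forge variables set --encrypt API_TOKEN <value>` and read from `process.env` at run time, so it never appears in the repository. The variable name `API_TOKEN`, the endpoint URL and the injected `fetchImpl` parameter are assumptions; inside a Forge function `fetchImpl` would be `fetch` from `@forge/api`.

```javascript
// Added example: read a system-wide bearer token from a Forge environment
// variable instead of hard-coding it. API_TOKEN and API_URL are assumed names.
const API_URL = 'https://api.example.com/v1/items'; // placeholder endpoint

// Return the token or fail closed; never fall back to a literal default.
function getToken(env = process.env) {
  const token = (env.API_TOKEN || '').trim();
  if (!token) {
    throw new Error('API_TOKEN is not set for this environment');
  }
  return token;
}

// Build request options; the token only ever lives in the header.
function buildRequest(env = process.env) {
  return {
    method: 'GET',
    headers: {
      Authorization: `Bearer ${getToken(env)}`,
      Accept: 'application/json',
    },
  };
}

// Replace the token with a marker before anything is logged or rethrown.
function redact(text, env = process.env) {
  const token = (env.API_TOKEN || '').trim();
  return token ? String(text).split(token).join('[REDACTED]') : String(text);
}

// fetchImpl is injected so the function also runs outside Forge.
async function callApi(fetchImpl, env = process.env) {
  const res = await fetchImpl(API_URL, buildRequest(env));
  if (!res.ok) {
    // Error bodies may echo request details; redact before surfacing them.
    const body = await res.text();
    throw new Error(redact(`API call failed: ${res.status} ${body}`, env));
  }
  return res.json();
}
```

Failing closed on a missing variable surfaces an environment where the token was never set, and redacting error text keeps the token out of app logs.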