[SOLVED] How to provide secrets/tokens to Galaxy app?

I started an app template at GitHub - trusktr/mapapp. The README instructs the user:

make a file ./imports/keys.js here in this project, with your Here auth key:

export const harp = 'AUTH_KEY'

Galaxy does not know it has to do this, so it builds the app without key.js and the app doesn’t work.

How do we get token to Galaxy?

EDIT: the token would be visible in devtools anyway, so security isn’t a concern I suppose. Maybe I should just commit the key. How can a token be passed to a client-side library without it being visible in devtools? Doesn’t seem possible without something more clever like having the Meteor backend negotiate a temporary token with Harp.gl then sending that back to the client for the session.

Hey @trusktr, you can provide tokens using Meteor Settings. You can create a file named settings.json where you can put your configuration options. Then you can initialize your app passing the --settings option to meteor run, meteor deploy, and to the deployment options in Meteor Cloud.

You would run your app like this: meteor --settings path/to/settings.json

If the settings.json contains a key named public, then Meteor.settings.public will be available on the client as well as the server. All other properties of Meteor.settings are only defined on the server. You can see an example here to check how it is used and also read our documentation about Meteor Settings.

Thanks. I suppose this effectively the same as importing a setting from a JS file, in which case the setting is public on the client too.

Looks like I need to ask Here Maps how to get auth tokens dynamically instead of copy/paste.

I marked the title as [SOLVED]. By the way, there’s an official “solved” plugin so that people can mark answers, and topics will shows as “solved”. GitHub - discourse/discourse-solved: Allow accepted answers on topics

In your settings json file, anything under “public” will be included on the client. Everything else is server only. For example

  "public": {
      "someVar": "This is available on client + server"
   "private": {
      "anotherVar": "This is only available on the server"
1 Like