Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Const variables must be initialized with a constant value. Try changing the initializer to be a constant expression. #9

Closed
jtkeyva opened this issue Sep 17, 2022 · 4 comments · Fixed by #10
Closed

Const variables must be initialized with a constant value. Try changing the initializer to be a constant expression. #9

jtkeyva opened this issue Sep 17, 2022 · 4 comments · Fixed by #10
Labels
question Further information is requested

Comments

@jtkeyva
Copy link

jtkeyva commented Sep 17, 2022

Getting this error now... any ideas?

Const variables must be initialized with a constant value.
Try changing the initializer to be a constant expression.

Thanks

`
// lib/env/env.dart
import 'package:envied/envied.dart';

part 'env.g.dart';

@envied(path: '.env.dev')
abstract class Env {
@EnviedField(varName: 'KEY_ONE', obfuscate: true)
static const keyOne = _Env.keyOne;
@EnviedField(varName: 'KEY_TWO', obfuscate: true)
static const keyTwo = _Env.keyTwo;
}
`
@ThexXTURBOXx
Copy link
Contributor

Hi, when using obfuscation, you can only use static final, not static const.
This also makes sense since static const values will be calculated in compile time which is not what you want since you obviously want the values obfuscated :)
However, this should of course be properly documented. I will propose a PR soon.

@jtkeyva
Copy link
Author

jtkeyva commented Sep 18, 2022

cool thanks! is there any reason why one would not want it obfuscated? isn't the point of this maximum security for your keys?

@ThexXTURBOXx
Copy link
Contributor

You're welcome!
Yes, you are completely right! However, keys are only one of the many possibilities of env-files.
For example, you could be creating an app that accesses some backend like JIRA, GitLab Issues or something else that can be hosted on different dedicated servers.
If you want to be able to customize the URL at compile time without editing the code, you can just edit the env-file directly. In this case, you do not even have to worry about obfuscating the URLs since they are not an inherent secret.
There are also many more possibilities for env files, e.g., defining paths of files, colors etc.
In all these cases, obfuscation is just a factor that will slow down your code.
That's why I opted for adding per-field obfuscation possibilities here: #4 (comment)
This allows users to obfuscate only some fields while others stay unobfuscated.

@ThexXTURBOXx
Copy link
Contributor

Also, it might be worth pointing out that your keys are not entirely unreadable.
However, this obfuscation gives your attackers a bad time reading them from the resulting binary: frencojobs/envify#28 (comment)

@ThexXTURBOXx ThexXTURBOXx mentioned this issue Sep 19, 2022
Merged
@techouse techouse added the question Further information is requested label Nov 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: Better documentation for obfuscation ThexXTURBOXx/envied
3 participants
@techouse @jtkeyva @ThexXTURBOXx