Successfully notarized my electron application for osx, but now the issue is that the apple id and app specific password are in the package.json. I of course don't want to hard code them there for distribution but can I use environment variables from say a .env file to replace them or how can I keep them secret in the package.json file?
I looked into dotenv and cross-env but I didn't see how the env variables could be used in a package.json file.
App was built using electron forge.
Structure (taken from the electron-forge docs) that I use:
{
"name": "my-app",
"version": "0.0.1",
"config": {
"forge": {
"packagerConfig": {
"osxSign": {
"identity": "Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)",
"hardened-runtime": true,
"entitlements": "entitlements.plist",
"entitlements-inherit": "entitlements.plist",
"signature-flags": "library"
},
"osxNotarize": {
"appleId": "felix@felix.fun",
"appleIdPassword": "my-apple-id-password",
}
}
}
}
}
Thanks in advance.
Duplicate of your own post : Where can I find electron forge config js file where package.json is parsed?
You should rather extract the electron forge configuration in a separate JS file : ElectronForge configuration and load your environment variables using process.env.YOUR_VARIABLE_NAME
{
"name": "app",
"description": "app",
"productName": "app",
"version": "0.0.0",
"private": true,
"scripts": {
},
"config": {
"forge": "./forge.config.js"
},
...
}
module.exports = {
"packagerConfig": {
"osxSign": {
"identity": "Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)",
"hardened-runtime": true,
"entitlements": "entitlements.plist",
"entitlements-inherit": "entitlements.plist",
"signature-flags": "library"
},
"osxNotarize": {
"appleId": process.env.NOTORIZE_APPLE_ID,
"appleIdPassword": process.env.NOTORIZE_APPLE_ID,
}
}
}