I have a simple React web app and I need to add some environment variables for storing API keys.
The React app, after build, is deployed on a public Google Cloud Storage bucket that is pointed by DNS.
As stated by Create React documentation:
The environment variables are embedded during the build time
So I do not want to have my API Keys exposed in the build, that is public on the bucket once deployed.
Here comes my question: is it possible somehow to add environment variables in a Google Cloud Storage bucket?
If you are accessing these keys in the React app, then they are public keys. Everything on the FE is accessible in some form or another. Perhaps you could fetch these keys and store them in-memory, they would still be visible through the network inspector.
If you need to hide your API keys, then don't access APis directly from the FE. Rather, create a backend application that accesses the APIs and exposes them to the FE. You can then protect this API with CORS.
Another way would be to do something similar with Firebase Cloud Functions, if using Google.