Understand that the default values set for environment variables in the code editor appears in source control. What is the best practice for debugging that involves secrets? Is it safe to set them via the run configuration instead of the repo.json?
Good news, the answer is yes!
Any environment variable you set in your run configuration is only present where your application runs, we do not store it anywhere else outside memory (of your browser).
This can be beneficial when you’re testing with secrets that you do not wish - and should not - commit to the codebase.
We also have some roadmap items to improve on secret management in general, so you can store them with us in a secure manner and use them for deployments/IDE runs. They’ll be only available for your deployments and not exposed after setting it. I’m not exactly sure when this feature goes live, but it is on the roadmap.