1

Successfully notarized my electron application for osx, but now the issue is that the apple id and app specific password are in the package.json. I of course don't want to hard code them there for distribution but can I use environment variables from say a .env file to replace them or how can I keep them secret in the package.json file?

I looked into dotenv and cross-env but I didn't see how the env variables could be used in a package.json file.

App was built using electron forge.

Structure (taken from the electron-forge docs) that I use:

{
  "name": "my-app",
  "version": "0.0.1",
  "config": {
    "forge": {
      "packagerConfig": {
        "osxSign": {
          "identity": "Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)",
          "hardened-runtime": true,
          "entitlements": "entitlements.plist",
          "entitlements-inherit": "entitlements.plist",
          "signature-flags": "library"
        },
        "osxNotarize": {
          "appleId": "felix@felix.fun",
          "appleIdPassword": "my-apple-id-password",
        }
      }
    }
  }
}

Thanks in advance.

sychordCoder
  • 230
  • 3
  • 14

1 Answers1

5

Duplicate of your own post : Where can I find electron forge config js file where package.json is parsed?

You should rather extract the electron forge configuration in a separate JS file : ElectronForge configuration and load your environment variables using process.env.YOUR_VARIABLE_NAME

package.json

{
    "name": "app",
    "description": "app",
    "productName": "app",
    "version": "0.0.0",
    "private": true,
    "scripts": {
    },
    "config": {
        "forge": "./forge.config.js"
    },
...
}

forge.config.js

module.exports = {
    "packagerConfig": {
        "osxSign": {
          "identity": "Developer ID Application: Felix Rieseberg (LT94ZKYDCJ)",
          "hardened-runtime": true,
          "entitlements": "entitlements.plist",
          "entitlements-inherit": "entitlements.plist",
          "signature-flags": "library"
        },
        "osxNotarize": {
          "appleId": process.env.NOTORIZE_APPLE_ID,
          "appleIdPassword": process.env.NOTORIZE_APPLE_ID,
        }
      }
}


J4Y-M
  • 281
  • 1
  • 9
  • Thanks for your answer. It's helpful. Can you say how to "load your environment variables using process.env.YOUR_VARIABLE_NAME" ? I'm not finding much guidance out there on that. Where do we write out process.env.Variable-Name, and then where do we write the actual variable names for things like appleId and appleIdPassword? – SeanRtS Sep 02 '21 at 21:52