Is projectApiToken in plasmic.json to be secret?

important_reindeer · June 23, 2022, 8:15am

Hey folks, in my “plasmic.json” after using codegen, I have some “projectApiToken” values:

"projects": [
    {
      "projectId": "seaQhLVS4bbjiGvJJrRwyL",
      "projectApiToken": "REDACTED",
      "projectName": "LIBRARY Plasmic Color + Type",
      "version": "15.0.3",
      "cssFilePath": "plasmic/library_plasmic_color_type/plasmic_library_plasmic_color_type.module.css",
      "components": [],
      "icons": [],
      "images": [],
      "indirect": true,
      "globalContextsFilePath": "",
      "codeComponents": []
    },
    {
      "projectId": "xmpSio9wLVR18Lu1gZTmnZ",
      "projectApiToken": "REDACTED",
      "projectName": "Simple Light Landing Page",
      "version": "latest",

This triggers GitGuaradian. Are those values secret, or just unique Id for the libraries used by my project that I can safely commit? If they are safe, you may want to rename them maybe add “public” or smth

chungwu · June 23, 2022, 8:19pm

The token grants codegen access to the project. If you prefer, you can also remove the projectApiToken fields from your plasmic.json file; you will still be able to authenticate in other ways

chungwu · June 23, 2022, 8:20pm

(if you’re running plasmic sync locally without the projectApiToken fields, the cli will just ask you to log into the web app and provide a token)

important_reindeer · July 25, 2022, 12:46pm

Hi, thank for the answer and sorry for the late reply! Then projectApiToken should probably not be generated as a default by Plasmic if it’s a private token?

important_reindeer · July 25, 2022, 12:46pm

users might mistakenly publish that

important_reindeer · July 25, 2022, 12:46pm

I can’t find the documentation for those auth patterns

important_reindeer · July 25, 2022, 12:47pm

projectApiToken gives nothing when I search the docs

yang · July 25, 2022, 3:34pm

Project API token is intended to be public