Is projectApiToken in plasmic.json to be secret?

Hey folks, in my “plasmic.json” after using codegen, I have some “projectApiToken” values:

"projects": [
      "projectId": "seaQhLVS4bbjiGvJJrRwyL",
      "projectApiToken": "REDACTED",
      "projectName": "LIBRARY Plasmic Color + Type",
      "version": "15.0.3",
      "cssFilePath": "plasmic/library_plasmic_color_type/plasmic_library_plasmic_color_type.module.css",
      "components": [],
      "icons": [],
      "images": [],
      "indirect": true,
      "globalContextsFilePath": "",
      "codeComponents": []
      "projectId": "xmpSio9wLVR18Lu1gZTmnZ",
      "projectApiToken": "REDACTED",
      "projectName": "Simple Light Landing Page",
      "version": "latest",

This triggers GitGuaradian. Are those values secret, or just unique Id for the libraries used by my project that I can safely commit? If they are safe, you may want to rename them maybe add “public” or smth

The token grants codegen access to the project. If you prefer, you can also remove the projectApiToken fields from your plasmic.json file; you will still be able to authenticate in other ways

(if you’re running plasmic sync locally without the projectApiToken fields, the cli will just ask you to log into the web app and provide a token)

Hi, thank for the answer and sorry for the late reply! Then projectApiToken should probably not be generated as a default by Plasmic if it’s a private token?

users might mistakenly publish that

I can’t find the documentation for those auth patterns

projectApiToken gives nothing when I search the docs

Project API token is intended to be public