Skip to content

chore: move example publishable keys to .env, add wallet status banner#47

Merged
RhysAtBolt merged 4 commits intomainfrom
chore-move-example-publishable
Apr 2, 2026
Merged

chore: move example publishable keys to .env, add wallet status banner#47
RhysAtBolt merged 4 commits intomainfrom
chore-move-example-publishable

Conversation

@arstiefel
Copy link
Copy Markdown
Collaborator

@arstiefel arstiefel commented Mar 31, 2026
edited
Loading

Description

Moves the example app's hardcoded Bolt publishable key and environment out of source into a gitignored boltConfig.ts, generated from .env by a new scripts/gen-bolt-config.js script (runs automatically on yarn start/android/ios). Also adds an inline wallet status banner to App.tsx so success/error results are visible without relying solely on Alert.alert.

Testing

  • Verified yarn gen-bolt-config generates example/src/boltConfig.ts from .env
  • Verified the generated file is gitignored and the example app compiles with it
  • Confirmed wallet status banner renders success (green) and error (red) states inline

Security Review

Important

A security review is required for every PR in this repository to comply with PCI requirements.

  • I have considered and reviewed security implications of this PR and included the summary below.

Security Impact Summary

Removes a hardcoded publishable key from committed source code, replacing it with a gitignored file generated from .env. The publishable key is non-secret and merchant-scoped, but keeping it out of the repo is good hygiene. No changes to payment flows, authentication, user data handling, or external integrations.

@snyk-io
Copy link
Copy Markdown

snyk-io bot commented Mar 31, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Base automatically changed from feat-fetch-google-pay-config to main April 1, 2026 08:22
@RhysAtBolt RhysAtBolt marked this pull request as ready for review April 1, 2026 13:11
@RhysAtBolt RhysAtBolt requested review from a team as code owners April 1, 2026 13:11
@RhysAtBolt @claude
chore: resolve merge conflict with main in Podfile.lock
87181a1 
Takes main's BoltReactNativeSdk checksum (39c8b51) over the PR branch's
locally-generated one (0612ca2) — both reference v0.6.1, the PR's
checksum was an incidental artifact of a local pod install.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@RhysAtBolt RhysAtBolt merged commit 17c0b74 into main Apr 2, 2026
7 checks passed
@RhysAtBolt RhysAtBolt deleted the chore-move-example-publishable branch April 2, 2026 13:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@unickq unickq unickq approved these changes

@RhysAtBolt RhysAtBolt RhysAtBolt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arstiefel @unickq @RhysAtBolt