Hey all, I am using an the API token to authenticate access to both the catalog import for the React SDK and to authorize the iframes. The documentation https://www.gooddata.com/docs/gooddata-ui/latest/learn/visualize_data/export_catalog/ advices to place the API token in the .env file. However, it also advice that API tokens should not be commit to version control. My react webpage is built using a Github build action from my repo. What is the recommended way to handle the API so that my Github build action can see the necessary API tokens to authenticate access?

Hi Grant, have you considered using Github Actions Secrets: https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions?