Can I hide sensitive files from other users on replit?

georgemg · January 26, 2023, 10:33pm

I have a file with sensitive information that is used to authenticate requests to AWS. Is it possible to compile my code with the file included, but make it hidden to everyone else?

bigminiboss · January 26, 2023, 10:40pm

You cannot, many were annoyed when replit removed this; in short, you cannot in console apps. If you want to make a secret, you can use the secrets tab that can be accessed but not viewed by any user

georgemg · January 26, 2023, 11:30pm

Thanks for letting me know

savardo · January 27, 2023, 2:29am

Some repls, like those using the HTML, CSS and JS template, will not have the secrets tabs that @bigminiboss mentioned.
So for those repls, the only way to ‘hide’ files is putting your file in the .config folder as a config file. It won’t show up if “Show hidden files” is turned off (but most people won’t care about config files so it’s about just as good as secrets files :))

Sky · January 27, 2023, 2:31am

try to obfuscate maybe?

pro0grammer · January 28, 2023, 9:01am

Welcome to the replit ask forums!!

Obfuscation is a good thought, but with deobfuscators around it may not guarantee the protection.

You can use secrets as mentioned above; if you’re using authentication on frontend, it’s already a bad idea. You should make a backend for authentication and most of them already support secrets so there shouldn’t be any problem using it.

If you’re not working on a website and/or are on a template which doesn’t support secrets, either find a workaround with templates that do support secrets or if you don’t intend to publish the repl than you can make your repl private using cycles. Otherwise you must’nt use it, for your own safety.

You can learn more about secret variables here.

And no, trust me relying on .configfor hiding important information is a bad idea, don’t do it.

MattDESTROYER · January 28, 2023, 9:29am

The way the .config file is hidden is by adding it to the list of hidden files in the hidden list in the .replit file (which is automatically done on all of Replit’s templates). You can add other files to this list to hide them in the same way.

.replit:

# ...
hidden = [".config", "some text file.txt", "some folder", "another folder/another file.txt"]
# ...

savardo · January 28, 2023, 9:38am

yea, that is a really bad idea. you could use databases like supabase and store your file there with authentication.

Sky · February 4, 2023, 7:05pm

Simply create your own obfuscation method that is still executable; I’ve seen people create the most hideous random obfuscation methods that aren’t even executable.

anon40284853 · February 4, 2023, 7:17pm

Python Flask repls have a secrets tab, and can be used for websites. Flask is a way for Python to host and interact with HTML sites, which can use CSS and JS.

QwertyQwerty88 · February 4, 2023, 7:51pm

I believe that only hides them in the workspace editor.

MattDESTROYER · February 4, 2023, 8:06pm

It does on the cover page too (at least sometimes, it doesn’t always seem to be very consistent), but you can just click show hidden files.

coolcoder1213 · February 4, 2023, 8:08pm

No. There is not exactly a way. But you can use secrets or encode some text.

Sky · February 4, 2023, 8:11pm

Just obfuscate, as I’ve said between two and three times; you could, however, develop your own obfuscation technique because, if you employ a well-known obf, there’s a significant possibility that a deobfuscator already exists for that obf method choice.