Secrets Exposure


The following API key should not be any value other than "undefined" in the frontend regardless of which user tries to access the page:
process.env.API_KEY: "12345678901234"

Show API results fetched using the process.env.API_KEY variable
null

The following users should not contain the "passwordHash" property, regardless of which user tries to access the page:
[
  {
    "id": 1,
    "username": "alice",
    "passwordHash": "$2b$12$rip3gbockwavRttTaMZa.u5JKY1542MOLBI7YGkRXaj83rtocfl3a"
  },
  {
    "id": 2,
    "username": "bob",
    "passwordHash": "$2b$12$0N14zwm7.gFNB9UriJpo9eHqCBSezv1zdvbLL7ql79KYJM50fvo6q"
  }
]