I’ve noticed that when using constants to store certain values the values are easily accessible and readable in the metadata.json and config.json files. Is there any way to store constants so that they can be accessed by the app but are not visible to others (for example if one is storing a password that the app needs to function but which you potentially do not want other developers to see). Or is it better to not store sensitive information in constants at all? Is there another way? Many thanks.
I would put sensitive data inside the database. So use a configuration entity and encrypt the password inside an attribute of that entity. Do note that developers with the model and the database can still retrieve the password since you need to retrieve the setting and decrypt that password before you can use it.