I have... what feels like a very dumb question here...

So... let's start off with by covering the basis by saying that I have full permission to do everything I'm trying to do.

So I'm taking a look at this web app created with React JS.

Noticed that there's what looks like a hard coded key "React_APP_SECRET_KEY:"xxxxxxxxxxxxxxxxxx" along with the public site key.

If I wanted to do a proof of concept, just how on earth do I put this React App Secret Key to use?

I've tried googling everything but website after website simply says "oh yeah that's a common issue with apps made with React. You need to put it in an environment variable instead."

Like yeah, thanks I know, but how do I use the key lol.

Read a bit about .env files, if they key is hardcoded in the frontend move it to a .env file that is added to .gitignore and not pushed to the repository.

Figure out how to read key values from .env, good luck

To put it in your environment variables, easiest is just to export it to your shell session.

So you'd write something like this in your terminal where you are starting your react application:
```
export REACT_APP_SECRET_KEY=xxx
```

This expects you have bash though, simplest is to just download Git, you get Git Bash along with it's installation.

So for this, I am not the developer of the React App. Just testing the app for issues. I understand the fix for them is to move it to env variables, but usually when we find a key, we show it being used as a proof of concept to show how bad the issue is. I just don't know how to use the React App Secret Key.