I'm currently working on a dashboard project that uses several APIs, and I'm trying to figure out how to keep my API keys safe while hosting it on GitHub Pages. I've heard that creating a .env file and using gitignore might help, but I'm not too familiar with using the terminal. Is there an easier way to do this? Also, why is it important to hide these keys, and will the rest of my code still be visible to anyone I share it with?
3 Answers
Keep in mind that if your frontend makes calls directly to the APIs with the keys, users can potentially see those keys too. One option is to use limited-access keys that expose minimal functionality, or better yet, handle your API calls through a backend service. That way, your frontend won't directly reveal the keys.
You can also try the dotenv library, which helps you load environment variables from a .env file. You don't necessarily have to create the file using the terminal if you find that intimidating; just create it through your code editor. But keep in mind, not hiding your API keys can lead to significant security issues, including unauthorized usage of your keys that might cost you money.
A common approach is to create a .env file to house your API keys and then add that file to your .gitignore. This way, Git won't track the .env file and your keys stay safe from prying eyes. If your API keys end up public, you could end up with extra usage that could lead to your keys being revoked because they're being abused by others.
Related Questions
How To Get Your Domain Unblocked From Facebook
How To Find A String In a Directory of Files Using Linux