Last active
September 21, 2024 05:45
-
-
Save derzorngottes/3b57edc1f996dddcab25 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## How to hide API keys from github ## | |
1. If you have already pushed commits with sensitive data, follow this guide to remove the sensitive info while | |
retaining your commits: https://help.github.com/articles/remove-sensitive-data/ | |
2. In the terminal, create a config.js file and open it up: | |
touch config.js | |
atom config.js | |
3. In the config file, enter your API keys in an object like so (naming them whatever you like, and putting the keys in | |
as strings). You don't need any other code in this file: | |
var config = { | |
MY_KEY : '123456', | |
SECRET_KEY : '56789', | |
KEY_2 : '101010' | |
} | |
4. In your HTML file, add a script link to this file BELOW your jQuery script but ABOVE your own script file links: | |
<script type='text/javascript' src='config.js'></script> | |
<script type='text/javascript' src='script.js></script> | |
5. In your javascript/jquery file (probably script.js), declare variables that point to your API keys in the config file | |
like so. Note that the 'config' here refers to the object called 'config', NOT to the file config.js: | |
var mykey = config.MY_KEY; | |
var secretkey = config.SECRET_KEY; | |
6. Be sure to replace every instance of the API keys with these new variables. | |
E.g. if you had: | |
url: 'https//www.whatever.com/?query&sig=12345' | |
Now you will have: | |
url: 'https://www.whatever.com/?query&sig=' + mykey | |
7. In the terminal create a .gitignore file and open in atom. Note the period at the start of the file name: | |
touch .gitignore | |
atom .gitignore | |
8. In the .gitignore file, enter any file names that you want git NOT to track/commit/push. No other code is necessary. | |
In this case you would enter: | |
config.js | |
9. Type git st. You should see the .gitignore file ready to be tracked. You should NOT see the config.js file. | |
10. git add ., and git st again. Make sure the config.js file didn't get added. If everything looks good, you're ready | |
to commit and push. |
Can you explain in most straightforward words how to and where to hide my API key.. I have just started coding and am struggling. I am building a front-end website hosted on GitHub and want to hide the code and API keys required. Is there any other way then upgrading my GitHub plan?
Sounds like netlify functions posted earlier.
Thank you for this info. Im running into an issue and it could be user error. my apikey isnt working in github pages once I commited the .gitignore. if anyone knows how i could fix this issues please let me know.
Awesome article.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you