@zealoushacker
Last active August 29, 2015 14:08
Checklist for securing API keys

Protecting your API keys for nodejs apps

Don't check your API keys into your git repo, ever.

Checklist:

  1. If you've already checked in an API key for a service to your git repo, generate a new key
  2. Create a file called `.env` in your project's root directory
  3. Store your API keys in your `.env` file in this format: `API_KEY_NAME=api_key_value`
  4. Anywhere you had written your key in your js files, use the expression `process.env.API_KEY_NAME` to get the value of the API key from your environment
  5. If you have multiple keys, put each key-value pair on its own line (see Environment)
  6. Add your `.env` file to `.gitignore` so that it is never checked into your git repo
  7. Create a `Procfile_dev` file and add the line `web: nodemon index.js` to it
  8. Start your app locally with foreman by running `foreman start -f Procfile_dev`
  9. From now on your apps will start on port 5000, so go to http://localhost:5000 in your browser to see your app
  10. Set your environment variables on Heroku by running the following command in your terminal: `heroku config:set API_KEY_NAME=api_key_value`
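
A check for steps 3, 4 and 6 of the checklist, as an added example that is not part of the original gist: it parses `.env` text, confirms that `.gitignore` lists `.env`, and flags source lines that still contain a key value literally. The function names, the 8-character minimum and the sample inputs are assumptions made for illustration.

```javascript
// Added example, not from the original gist. Function names are hypothetical.

// Parse .env text in the checklist's format: API_KEY_NAME=api_key_value, one per line.
function parseEnv(text) {
  const vars = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (line.startsWith('#') || eq <= 0) continue; // comment, blank, or not KEY=value
    vars[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return vars;
}

// Simplified .gitignore check: only exact ".env" or "/.env" entries count,
// and a later "!.env" re-includes the file. Not full gitignore matching.
function gitignoreCoversEnv(gitignoreText) {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '.env' || line === '/.env') ignored = true;
    if (line === '!.env' || line === '!/.env') ignored = false;
  }
  return ignored;
}

// Report every source line that still contains a literal value from .env.
// Values shorter than minLength (assumed 8) are skipped to avoid noise such as ports.
// Findings carry the variable name, never the secret value itself.
function findHardcodedKeys(envVars, sources, minLength = 8) {
  const findings = [];
  for (const [file, code] of Object.entries(sources)) {
    code.split(/\r?\n/).forEach((text, i) => {
      for (const [name, value] of Object.entries(envVars)) {
        if (value.length >= minLength && text.includes(value)) {
          findings.push({ file, line: i + 1, name });
        }
      }
    });
  }
  return findings;
}

// Constructed sample inputs (not real keys or real project files).
const sampleEnv = 'WEATHER_API_KEY=constructed-sample-key-0001\nPORT=5000\n';
const sampleSources = {
  'index.js': 'var key = process.env.WEATHER_API_KEY;\n',
  'lib/weather.js': '// old code\nvar key = "constructed-sample-key-0001";\n',
};
console.log(gitignoreCoversEnv('node_modules\n.env\n'));
console.log(findHardcodedKeys(parseEnv(sampleEnv), sampleSources));
```

A finding here only covers the current working tree; a key that was committed earlier is still in the repo's history, which is why step 1 generates a new key.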