What's your preferred way to keep API keys securely stashed when preparing your website ready for production?
I need to stash IG, Youtube and probably Facebook keys and I want to keep the site as minimal as possible regarding plugins and frameworks etc.
Keeping it JS only wasn't an option as I need a back-end too or is there a way I haven't discovered yet?
I'm currently checking out Django with Python but it feels bloated...
@7047741 mostly we keep keys stored in local environment variables: https://hackernoon.com/how-to-use-environment-variables-keep-your-secret-keys-safe-secure-8b1a7877d69c
@7047741 by "we" I mean my professional colleagues. This is a pretty standard practice for web apps.
@stephen @7047741 unless I'm misunderstanding, node.js is js backend? but yea as setphen linked, there is a concept called "dotenv", a .env file which is where you store keys, they get automatically assigned to environment variables, and that file is kept out of version control. In a lot of cases (docker, etc) there's the concept called 'secrets' which just equates to the same/similar thing, where you read it from the environment it runs in, rather than storing it in/with the code
@_discovery node.js is indeed a js back-end, but I don't need a back-end, unless you can only put env variables by having a back-end?
@7047741 .env is more of a paradigm. how you load those keys into the environment is not particularly node based. it's convention like
Merveilles is a community project aimed at the establishment of new ways of speaking, seeing and organizing information — A culture that seeks augmentation through the arts of engineering and design. A warm welcome to any like-minded people who feel these ideals resonate with them.