What's your preferred way to keep API keys securely stashed when preparing your website ready for production?
I need to stash IG, Youtube and probably Facebook keys and I want to keep the site as minimal as possible regarding plugins and frameworks etc.
Keeping it JS only wasn't an option as I need a back-end too or is there a way I haven't discovered yet?
I'm currently checking out Django with Python but it feels bloated...
@7047741 mostly we keep keys stored in local environment variables: https://hackernoon.com/how-to-use-environment-variables-keep-your-secret-keys-safe-secure-8b1a7877d69c
@7047741 by "we" I mean my professional colleagues. This is a pretty standard practice for web apps.
@stephen @7047741 unless I'm misunderstanding, node.js is js backend? but yea as setphen linked, there is a concept called "dotenv", a .env file which is where you store keys, they get automatically assigned to environment variables, and that file is kept out of version control. In a lot of cases (docker, etc) there's the concept called 'secrets' which just equates to the same/similar thing, where you read it from the environment it runs in, rather than storing it in/with the code
@_discovery node.js is indeed a js back-end, but I don't need a back-end, unless you can only put env variables by having a back-end?
@7047741 .env is more of a paradigm. how you load those keys into the environment is not particularly node based. it's convention like
Revel in the marvels of the universe. We are a collective of forward-thinking individuals who strive to better ourselves and our surroundings through constant creation. We express ourselves through music, art, games, and writing. We also put great value in play. A warm welcome to any like-minded people who feel these ideals resonate with them. Check out our Patreon to see our donations.