I'm writing a Python application that utilizes the Tumblr API and was wondering how I would go about hiding, or encrypting, the API key.
GitHub warns against pushing this information to a repo, so how would I make the application available to the public and still follow that policy?
A slightly good way to keep the key out of the repository would be to create a secrets package in your project and add the whole package to the project's Git Ignore file.

    # Files and directories with API keys, IAM usernames and passwords,
    # etc.
Yes, you should absolutely hash your API keys. In effect, they are your passwords and should be treated as such. And note that's hashed - not encrypted. You never need to decrypt the API keys, hence you should not be able to.
Why do you need to post your API key? Why not post your app code to Github without your API key and have a configuration parameter for your users to add their own API key?
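One way to do what the answer above suggests (publish the code without a key and let each user supply their own), as an added example that is not part of any answer on this page. The variable name `TUMBLR_API_KEY`, the path `~/.config/mytumblrapp/config.ini` and the `[tumblr] api_key` layout are assumptions.

```python
import configparser
import os
import stat
import sys
from pathlib import Path

ENV_VAR = "TUMBLR_API_KEY"                          # assumed variable name
DEFAULT_CONFIG = "~/.config/mytumblrapp/config.ini"  # assumed path, outside the repo


class MissingKeyError(RuntimeError):
    """No API key was supplied by the user."""


def load_api_key(env=None, config_path=DEFAULT_CONFIG):
    """Return the user's own key: environment first, then a private config file."""
    env = os.environ if env is None else env
    key = env.get(ENV_VAR, "").strip()
    if key:
        return key
    path = Path(config_path).expanduser()
    if path.is_file():
        # Refuse a key file that group or other users can access (POSIX mode bits).
        if os.name == "posix" and path.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path} is accessible to others; run: chmod 600 {path}")
        parser = configparser.ConfigParser(interpolation=None)
        parser.read(path)
        key = parser.get("tumblr", "api_key", fallback="").strip()
        if key:
            return key
    raise MissingKeyError(f"Set {ENV_VAR} or add an api_key under [tumblr] in {path}")


def redact(key):
    """Form that is safe to log: at most the last four characters are shown."""
    return "****" + key[-4:] if len(key) > 8 else "****"


if __name__ == "__main__":
    try:
        print("Using API key", redact(load_api_key()))
    except (MissingKeyError, PermissionError) as exc:
        sys.exit(str(exc))
```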