I want to push some codes to my GitHub Repository. These codes are in different languages like Javascript
, Java
, Python
etc. Some of those codes contain some private API
key that I don't want to publish.
Is there any way to hide the keys automatically.? Should I remove it from my code manually.?
There are many projects that I want to push to GitHub. So, manual removal is not a good option.
The only way to hide it is to proxy your request through your own server. Netlify Functions are a free way to add some simple backend code to a frontend app. This is this method I used while learning to program in college, where I needed to share my progress with my peer group without disclosing my API keys.
You can't. Everything in the browser belongs to your user; they can see it all. If you are making a call with credentials that you want to hide you have to do it on the server side. It's not hard to just have the client hit your server and then have your SERVER make the sensitive call as the middle man.
No, it is not possible and YOU SHOULD NEVER put the credentials and other confidential data into the GitHub plaintext. There is lots of bots scanning through the git and gathering the passwords from there. It is not possible, because even If You would somehow be able to do this.
You should consider using .env
files and read the keys from the environmental variables. How to do so depends on the language and tools you use (for node.js, php, etc.).
You can exclude .env
file from commits by adding .env
to the .gitignore
. You can also upload an example configuration .env.example
with dummy data or blanks to show the schema your application requires.
Any time you have files with sensitive data like
config.yml
you MUST NOT commit them to your repository. I'll show you an example.
Suppose you have a yaml file with some username and password:
# app/config/credentials.yml credentials: username: foo password: bar
If you want to hide the foo
and the bar
values, remove this file from your repository, but add a distribution
file that aims to maintain username and password fields, but without any real values:
# app/config/credentials.yml.dist credentials: username: ~ password: ~
During installation you can get this file by copying app/config/credentials.yml.dist
to app/config/credentials.yml
.
Also, remember to add app/config/credentials.yml
to your .gitignore
file.
Its the same with api keys:
# app/config/config.yml config: credentials: username: foo password: bar api_stuffs: api_foo: fooooo api_secret: baaaaar api_token: tooooken
This works well for configuration files, and is a good pattern that saves you every time you need to share the structure of a configuration but not sensitive data. Init files, configurations and so on.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With