How can I hide my Api key?
-
I have created an online software which stores user's files in online storage of firebase. And now I want to upload that project to GitHub.But my API keys are in the files of that project. And I have read in some articles that it is not safe to share API key on GitHub. Hackers can misuse your entire database using API keys. So my question is, is there any way by which I can hide my API key inside the file itself.Sounds impossible, but how do I upload my project to GitHub so that my API key is not stolen? Please help me and thanks in advance.
-
@HeerokNewbie said in How can I hide my Api key?:
I have read in some articles that it is not safe to share API key on GitHub. Hackers can misuse your entire database using API keys.
Yes, that is true for most API keys that give you access permissions.
I have created an online software which stores user's files in online storage of firebase. And now I want to upload that project to GitHub.But my API keys are in the files of that project.
Firebase API keys are different; they don't provide permissions so hackers can't use your key to modify your Firebase database.
However, you should still set up restrictions on your key. See https://firebase.google.com/docs/projects/api-keys
-
@JKSH So can I upload my project to GitHub without worrying? I have restricted my firebase storage rules. Is this enough or do I have to restrict my API key as well?
-
Hi,
Usually API keys are stored offline and provided as secret at build/deploy time.
Or if user specific, you would have them create an account somewhere and have them enter the key in your software. -
ever hear of macro guarded code inclusion and .gitignore?
