Joe Astuccio

Keeping API keys secret in Gatsby

09/14/2019 · 1 Min Read — In Gatsby, Security

I am not a security expert and make no promises that this will hack-proof your app. I do know you should NEVER commit secret keys to GitHub.

  1. Open .gitignore and ignore `*.env`. You should probably ignore this in a global .gitignore file.

```
# secret files
*.env
```

  1. Create a .env file in your app's main directory: `code .env`

  2. Add as many secrets to your new .env file as you need. Something like: `SECRET_KEY=sk_T2BDZFh2BE57DZFhGn0qlXGhiQK` `ANOTHER_KEY=srahateinrshnthnrasht374678`

  3. Add to gatsby-node.js

```js
require("dotenv").config({
  path: `.env.${process.env.NODE_ENV}`, // e.g. .env.development
})
// import keys something like
const keys = {
  secretKey: process.env.SECRET_KEY,
  anotherKey: process.env.ANOTHER_KEY,
}
```
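An added check, not part of the original post: the `*.env` pattern from the .gitignore step and the file name built by the `path` option (`.env.${process.env.NODE_ENV}`) can disagree, so this script tests which env files a .gitignore actually covers. The matcher is a simplified stand-in for git's own rules, and the function names, the `.env*` alternative and the sample inputs are constructed for illustration.

```javascript
// Added example: does the .gitignore pattern cover the file dotenv loads?
// Simplified matcher (assumption): handles only slash-free patterns with "*",
// comments and blank lines; no negation ("!") or directory rules.

// Turn one gitignore glob into a RegExp tested against a file's basename.
function patternToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, "[^/]*") + "$");
}

// Parse .gitignore text into matchers, skipping comments and blank lines.
function parseGitignore(text) {
  return text
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line !== "" && !line.startsWith("#"))
    .map(patternToRegExp);
}

// Return the env files that no pattern ignores, i.e. files git would still track.
function unignoredEnvFiles(gitignoreText, envFiles) {
  const matchers = parseGitignore(gitignoreText);
  return envFiles.filter((name) => !matchers.some((re) => re.test(name)));
}

// The file name gatsby-node.js asks dotenv for, given NODE_ENV.
function dotenvPath(nodeEnv) {
  return `.env.${nodeEnv}`;
}

// Constructed sample input: the post's pattern and a wider alternative.
const pageIgnore = "# secret files\n*.env\n";
const widerIgnore = "# secret files\n.env*\n";
const candidates = [".env", dotenvPath("development"), dotenvPath("production")];

console.log("*.env leaves unignored:", unignoredEnvFiles(pageIgnore, candidates));
console.log(".env* leaves unignored:", unignoredEnvFiles(widerIgnore, candidates));
```

Inside a real repository, `git check-ignore -v .env.development` gives the authoritative answer for a given file.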