Joe Astuccio

Joe Astuccio

Keeping API keys secret in Gatsby

09/14/20191 Min Read — In Gatsby, Security

I am not a security expert and make no promises that this will hack proof your app. I do know you should NEVER commit secret keys to github

  1. Open .gitignore and ignore *.env. You should probably ignore this in a global .gitignore file

secret files

  1. Create a .env file in your apps main directory code .env

  2. Add as many secrets to your new .env file as you need. Something like: SECRET_KEY=sk_T2BDZFh2BE57DZFhGn0qlXGhiQK `ANOTHER_KEY=srahateinrshnthnrasht374678'

  3. Add to gatsby-node.js

require("dotenv").config({
path: `.env.${process.env.NODE_ENV}`,
})
...
// import keys something like
`secretKey: process.env.SECRET_KEY,`
`anotherKey: process.env.ANOTHER_KEY,`