Keeping API keys secret in Gatsby
I am not a security expert and make no promises that this will hack proof your app. I do know you should NEVER commit secret keys to github
- Open
.gitignoreand ignore*.env. You should probably ignore this in a global .gitignore file
secret files
Create a .env file in your apps main directory
code .envAdd as many secrets to your new .env file as you need. Something like:
SECRET_KEY=sk_T2BDZFh2BE57DZFhGn0qlXGhiQK`ANOTHER_KEY=srahateinrshnthnrasht374678'Add to gatsby-node.js
require("dotenv").config({path: `.env.${process.env.NODE_ENV}`,})...// import keys something like`secretKey: process.env.SECRET_KEY,``anotherKey: process.env.ANOTHER_KEY,`