Hide API Keys Without dotenv environment variables | Hiding API Keys in Javascript Netlify

You can also use a sql server in another data center install sql php and apache and something cool to encript/decript stuff. encrypt the keys in a very secure way so it can be decrypted by your machine only, store the encripted keys in SQL database write some php allow your domains that use any of the keys only to access your servers others should not get an answer from the server. From here there are multiple methodes on how you can or might want to use the keys including decoding and sending it to some secret place on your websites server over end to end encrypted connection and use it on your webserver. your websites webserver should delete the file when it's no longer needed . Yes it's not as fast as what you do but it is very secure and not easy to find the data and even if someone is able to get access to the database they are not able to crack the keys and more important if they crack the keys most people do not know how to use them and what the keys should be used for... maybe you want to try something like this, it's what I did 15 years ago and it is still very secure however if the hackers want to there is no system secure enough but this is hard to hack...
Good luck and happy coding !
Best Regards,

I guess it is pretty off topic but does anybody know a good site to stream new series online?

@Harlem Julian Flixportal xD

@Korbin Kylo Thank you, I went there and it seems like a nice service =) I really appreciate it!

@Harlem Julian No problem :)

No, it will not go to Github. The apikey.js file is in the .gitignore file. That keeps it from going to Github. If you are referring to the file created on Netlify, it won't go to Github either. Netlify pulls files from the Github repo, but it does not send files to Github. I hope that helps to clarify 💯

A different approach involving a little more upfront work, but this may be a good solution for development. I have not attempted it, so I am not sure how it would work with a Netlify deploy. I may have to try it out! Good question! Anyone wondering what we are discussing can look at this link for an overview: www.juandebravo.com/2017/12/02/git-filter-smudge-and-clean/

Thank you!

You're welcome. This solution will keep the key out of GitHub. If you want to keep it out of your code completely, consider a bit more in-depth solution like this one: th-cam.com/video/uk9pviyvrtg/w-d-xo.html

You can use a dot env file but you should never send it to Github. Always put the .env file in your .gitignore file. This tutorial shows how you can hide an API key from Github and still deploy to Netlify without using a .env file.

Sounds like your script tag needs type="module". At least that is the most common cause of that error.

Javascript runs in the browser and anything used in the browser can be viewed. You can make it difficult to read with minification - that is minifying the JS files - but it will still be available to anyone that knows how to use devtools. You might consider putting the logic you want to hide in Node.js code that runs on the server. You can then set up a relay. I show how to do this here: th-cam.com/video/uk9pviyvrtg/w-d-xo.html

​@@DaveGrayTeachesCode I ran the build command but my netlify app still wont make the api call.

Thank you!

Right - this is just a quick way to not send it to GitHub and still deploy. You want this video: th-cam.com/video/uk9pviyvrtg/w-d-xo.html

did you find a solution ?

You would need to create an API key relay as I show here: th-cam.com/video/uk9pviyvrtg/w-d-xo.html

@@DaveGrayTeachesCode thanks for answer. Will try on next project

You're welcome!

You're welcome!

You are correct, and I mention this in the video. This also applied to the dot env approach. I will make other videos showing the approaches I mentioned: 1) a node js relay and 2) a serverless function. Thanks for asking.

@@DaveGrayTeachesCode thanks for your quick response

Where can I find a tutorial on this app??

I need to make the tutorial. It is more complex than the average weather app, I am looking forward to making it when I can. Thanks for asking!

@@DaveGrayTeachesCode Sure I will be waiting for that. I am sure I will learn alot from it. I have learnt a lot from your videos.
thanks sir

@@darshaanaghicha8023 I am glad to hear it and happy to help. Thanks!

Glad I could help 💯

Glad it helped!

I said it is a good way to avoid putting a key in a GitHub repository and acknowledged there are other ways to hide the keys from your code entirely such as serverless or a backend relay. I plan to make videos on those methods as well. If you have a student project though, this method allows you to keep your key out of a GitHub repository and still use it for your project. Thanks for watching.

You're welcome!

If you use an API key in your frontend code at all, it can be seen through dev tools. As explained in the video, the point is not sending the key to GitHub. Especially for student projects. Want to keep it out of the frontend completely? Watch my video on setting up a relay: th-cam.com/video/uk9pviyvrtg/w-d-xo.html

You're welcome! 🚀

You're welcome - this works as a quick fix for student projects, but better solutions are here: th-cam.com/video/uk9pviyvrtg/w-d-xo.html and here: th-cam.com/video/J7RKx8f4Frs/w-d-xo.html

If they want to specifically steal yours, but if want just want to keep it out of Github for a student project, personal project, etc. - this works. GitHub has bots crawling it for those keys.

I explained what this was for in the video. Search my channel for the API key relay. That is what you want.

Glad it helped! 💯

this is not even hiding the api, the title is so misleading