I’m working on a project that I want to open source, but it uses an API key that I want to keep hidden from untrusted parties. What’s best practice on how to do that? Google is really vague about “encrypting” it.
Check out <a href="https://www.envkey.com" rel="nofollow">https://www.envkey.com</a> (disclaimer: I'm the founder).<p>It's open source. It uses client-side end-to-end encryption to avoid trusting the host server. You can either use our cloud (easiest option, free for up to 7 users, 2 minute setup) or self-host it (bit more work).