Ask HN: What’s best practice for securing API keys in open source projects?

8 点作者 martialg大约 3 年前

I’m working on a project that I want to open source, but it uses an API key that I want to keep hidden from untrusted parties. What’s best practice on how to do that? Google is really vague about “encrypting” it.

2 条评论

FrenchDevRemote大约 3 年前

put it in an .env file and add the .env file to .gitignore?

评论 #31450842 未加载

评论 #31448582 未加载

danenania大约 3 年前

Check out <a href="https://www.envkey.com" rel="nofollow">https://www.envkey.com</a> (disclaimer: I'm the founder).<p>It's open source. It uses client-side end-to-end encryption to avoid trusting the host server. You can either use our cloud (easiest option, free for up to 7 users, 2 minute setup) or self-host it (bit more work).