After creating the Ravenous project in React, should I be concerned about pushing the project to GitHub with the API key included? I keep reading about how this is ‘personal’ or ‘secret’ and should never be posted to a public repository, but how else do you make the code to a project such as this viewable (ex. using it for a portfolio sample)?
1 Like
don’t include the API key in a file that is uploaded to github, your account for the API could be abused.
What is common then is to make file (constants.js for example) (first add this file to gitignore), set up your API key here:
const SECRET_API_KEY="xxxxxxxxxxxxxxx"
then import the SECRET_API_KEY variable and use it where you need it. Given constants.js is in gitignore, it won’t be pushed to github.
even better would to also make constants.js.example, in example, define the variable but give them an empty string:
const SECRET_API_KEY=""
then in your readme.md, include instructions how this should be set up (copy the example file, and set the variable). the example file can safely be pushed to github.
the advantage of this approach is that other developers working on your project do know which constants they need to configure. In this case, with their own API key.
1 Like