'How to hide an API key in the public folder of node.js when deploying to heroku?
I am serving public HTML and JavaScript files through the public folder of node.js with the help of app.use(express.static('public')); in my server.js file.
The public folder has an index.js. Here I have an api key for fetching a Map from mapbox. I added the api key into a config.js file within the public folder, and added config.js to the git ignore file inside the public folder.
This doesn't work when I deploy the code on heroku.
How do I successfully deploy the code on Heroku without leaking the Map API key present in the public folder of node.js? I know that API's need to be on the server side, but should I do the same for the map API?
Solution 1:[1]
npm install dotenv
create a .env file in your project
put API key there
In your server file initial dotenv dependencies
And use it where you want
On Heroku go to settings and reveal config vars and add your .env variable there with value and that would be it
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Stefan Momcilovic |