What’s best practice for securing API keys in open source projects?

Question

I&rsquo;m working on a project that I want to open source, but it uses an API key that I want to keep hidden from untrusted parties. What&rsquo;s best practice on how to do that? Google is really vague about &ldquo;encrypting&rdquo; it.

FrenchDevRemote · Accepted Answer

put it in an .env file and add the .env file to .gitignore?

danenania · Answer

Check out https://www.envkey.com (disclaimer: I'm the founder).It's open source. It uses client-side end-to-end encryption to avoid trusting the host server. You can either use our cloud (easiest option, free for up to 7 users, 2 minute setup) or self-host it (bit more work).

What’s best practice for securing API keys in open source projects?

I’m working on a project that I want to open source, but it uses an API key that I want to keep hidden from untrusted parties. What’s best practice on how to do that? Google is really vague about “encrypting” it.

put it in an .env file and add the .env file to .gitignore?

Check out https://www.envkey.com (disclaimer: I'm the founder).
It's open source. It uses client-side end-to-end encryption to avoid trusting the host server. You can either use our cloud (easiest option, free for up to 7 users, 2 minute setup) or self-host it (bit more work).