Reputation: 915
Is it best practice to hide API keys in .env file in React
I am new to React and was learning how to hide API keys gotten from GitHub API and from other APIs. I found out that it is possible to hide keys in .env files and get access to those keys by using REACT_APP and ensure that .env file is added into .gitignore file in order not to be submitted to a server. `The question is Is it considered best practice the way of hiding keys I described above. Secondly, is .env file added to a server even if we add .env file into .gitignore file.
Upvotes: 2
Views: 1474
Answers (1)
Reputation: 943564
If you are going to be passing the contents of the environment data file to React, which is client-side code, then it isn't likely to be very useful for keeping things secret.
Mostly this will be useful for keeping your various environments separate (e.g. so you don't accidentally use the URL for your test API server in the production deployment of your app).
If you were using this for server-side code, then it would be useful to keep your secrets secret and not publishing them in a git repository (that you might want to allow other people access to).
Whether or not the environment data file would be deployed to your server would depend on your deployment process. If your deployment process consisted of nothing more than checking out your git repository to the live server, then no, it wouldn't be deployed.
Upvotes: 3
Related Questions
- Using API keys in a react app
- Storing API KEY in .env and fetching it in react app
- How to hide API Keys in React public html file
- how to hide API key in react app using .env file
- React: Hide API keys
- Where to store API key in ReactJS?
- Hiding the API key in React
- How to hide API keys and secrets in React JS app deployed on Docker
- How do I create a .env file for a project to hide API key
- How do I protect my API keys in my React App?