{"id":3424,"date":"2021-07-09T17:35:03","date_gmt":"2021-07-09T22:35:03","guid":{"rendered":"http:\/\/bluegalaxy.info\/codewalk\/?p=3424"},"modified":"2021-07-09T17:35:06","modified_gmt":"2021-07-09T22:35:06","slug":"vue-js-how-to-hide-a-public-api-key-from-github","status":"publish","type":"post","link":"https:\/\/bluegalaxy.info\/codewalk\/2021\/07\/09\/vue-js-how-to-hide-a-public-api-key-from-github\/","title":{"rendered":"Vue.js: How to hide a public API key from github"},"content":{"rendered":"\n

I was working on a video player app in Vue and forgot about the API_KEY that I was using from google for fetching video data from YouTube which I had listed as a const variable in my App.vue file. This ended up getting pushed up to my public github repo, exposing the key that I was issued. For example:<\/p>\n\n\n\n

const API_KEY = AIzaSyBFpwlb38eH6BDR-8wgLOhOw9jhRXpN2G8;  \/\/ Not a valid key<\/pre>\n\n\n\n
To fix this security issue so as not to allow unauthorized usage of my google API key, I did the following.<\/p>\n\n\n\n
1. Created a new file in my project src directory called API_KEYS.txt<\/code><\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
2. Pasted the API key there, on the top line<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
3. Added ‘API_KEYS.txt’ to my .gitignore<\/code> file so that this file won’t get pushed up to to github<\/p>\n\n\n\n
4. In a cmd prompt, cd to the project directory and ran this command to install a module called raw-loader<\/code>:<\/p>\n\n\n\n
npm install raw-loader --save-dev<\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
5. After npm was finished installing the raw-loader module, I created a new file in the project root called vue.config.js<\/code>. <\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
6. With this file created, I pasted the following text in it (to be used by npm and raw-loader):<\/p>\n\n\n\n
module.exports = {\n  chainWebpack: config => {\n    config.module\n      .rule('raw')\n      .test(\/\\.txt$\/)\n      .use('raw-loader')\n      .loader('raw-loader')\n      .end()\n  }\n}<\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
7. Now in the App.vue file, I added a new import statement to pull in the API key from APP_KEYS.txt and updated the API_KEY const variable to pull in that value so that the key is not visible in the code.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
8. I then revoked the API key that had already been published on github and got a new API key from https:\/\/console.cloud.google.com\/<\/a> by logging into my account and clicking the REGENERATE KEY button. I then pasted the newly regenerated key into API_KEYS.txt.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
9. I then rebuilt the project in order to confirm that Vue was using the updated API_KEY and was still working. <\/p>\n\n\n\n
10. Finally, I used git to push all of these changes up to the github repo. Now the old key is no longer valid and the new API key is not visible to the public. <\/p>\n","protected":false},"excerpt":{"rendered":"
I was working on a video player app in Vue and forgot about the API_KEY that I was using from google for fetching video data from YouTube which I had listed as a const variable in my App.vue file. This ended up getting pushed up to my public github repo, exposing the key that I … Continue reading Vue.js: How to hide a public API key from github<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44,221],"tags":[91,61],"class_list":["post-3424","post","type-post","status-publish","format-standard","hentry","category-javascript-language","category-vue-js","tag-npm","tag-vue-js"],"_links":{"self":[{"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/posts\/3424","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/comments?post=3424"}],"version-history":[{"count":10,"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/posts\/3424\/revisions"}],"predecessor-version":[{"id":3441,"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/posts\/3424\/revisions\/3441"}],"wp:attachment":[{"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/media?parent=3424"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/categories?post=3424"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bluegalaxy.info\/codewalk\/wp-json\/wp\/v2\/tags?post=3424"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}