Where to store API keys? [Solved]

Hello all
I decided to use Bing’s API Image Search since it’s pretty straightforward.

That being said, it requires to use an API Key.

I’ve read that it’s not recommended to store the API key on the client side (which make sense since API keys is something we keep it hidden from the public).

So would it make sense to simply store the API key in a variable within your server file (lets say I am running server.js that runs node js express)?

There is some relevant discussion and tips here:

1 Like

If you go into serious hosting and such you should store your API keys as environment variables on your server which yoru applications should be able to access

Same with any database passwords and the like

1 Like

Awesome guys, just what I was looking for
Thanks guys!

Typically, you store your API keys and database passwords and other sensitive info in a config file on the backend that’s only readable to the owner of the app. You don’t store that config file in git however – you store a sample version of it instead, containing dummy keys. You then create the real config when you deploy the app to your server, which is done either by hand for a small site, or with devops tools like Puppet or Chef if you’re deploying to multiple (think dozens to hundreds) of servers.

Ideally, don’t even use database passwords at all, and set up your database to use host-based and public key auth instead. You still have to guard the private key file the same as a password, but at least passwords aren’t getting sent around.

2 Likes