Hello everyone! Currently I am working on PWA project. We build pwa with nuxt and drupal as backend. So I have a lot of secrets from backend and don`t know where store it.
Can you share your best practices?
![Cover image for NuxtJS v.2.15.8. How to hide private keys?](https://media.dev.to/cdn-cgi/image/width=1000,height=420,fit=cover,gravity=auto,format=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fedh5gvpt2wbrgsyihdmz.png)
For further actions, you may consider blocking this person and/or reporting abuse
Top comments (1)
Hi, what exactly are you looking to hide?
A client side app usually communicate with a backend through a clear API with public endpoints. All tokens on your client side app should be public.
If you want to hide something, use your backend as a middleware (put the sensitive/private tokens there).
You can also use a private token during the build step (that one will only be available on the server, hence private).