DEV Community

Cover image for Hiding your API keys and .gitignore
Timothy Cummins
Timothy Cummins

Posted on

Hiding your API keys and .gitignore

When working with APIs it is important to keep your keys to yourself when sharing your project. Since your key is attached to your account, having someone steal your identity could cost you a ton of money or get you locked out from that service. So to prevent this we have to be careful when uploading our projects to a public site such as "GitHub". To do this I will be going over hidden folders and adding them to your .gitignore file so those folders are not uploaded.

Creating Hidden Folders to Place your Keys in:

mkdir .secret

By placing a period in front of the name of your folder, it will create a hidden folder. Meaning that it won't appear when generally browsing your computer. Though this folder is hidden you can still check that it is there through your terminal with the ls -a command. From here you can just change directory to this folder cd .secret and add files inside of it that you want hidden such as your api keys. Personally I like to place my API Keys in a "json" dictionary and use "Visual Studio Code" to edit them but any text editor of preference should work.

Example adding keys

code api_keys.json

{"api_key": "input api key","secret_key": "input secret key}

Making sure your Hidden Folders are not uploaded to "GitHub"

Our APIs are now hidden on our computer but we still need to make sure our hidden folders are not uploaded along with our project. To do this we need to add the names of the folders we don't want uploaded to a .gitignore file. When you are creating a repo with "GitHub" they will ask you if you want to add a .gitignore file and you always want one. Though if you did not select this option do not worry, you can just create a file named .gitignore anywhere in you repository and "GitHub" will recognize it.

So once we have located our .gitignore file we will need to open it with the text editor of your preference.

code .gitignore

Then add in on a new line any folders or files you do not want uploaded to "GitHub". Like such:

#Secret Folder
.secret/
# DS_Store
*/.DS_Store

Or even use a wildcard which represents one or more characters to hide all hidden folders:

#All Hidden Folders
.*/

I hope this helps those of you starting out with "GitHub" or learning about APIs. Using hidden folders and .gitignore to protect your data could save you a lot of money and your security.

Top comments (0)