I've been building a number of web applications and SPA's over the last few weeks that use API secrets and keys that I don't want available to the public:
- Fire base Authentication Key/Secret
- Paid Algolia search account API Key/Secret
Up to this point I've always used a .env file to store these and a npm module to read through the variables.
That said, I've heard a few times now that this isnt the best way to do this and it's actually quite unsafe to store variables this way. Is there a better way to do this that I'm not aware of?
Thanks in advance.
Server is running Debian 9.xx and apache2
Aucun commentaire:
Enregistrer un commentaire