search

akvo / akvo-flow

A data collection and monitoring tool that works anywhere.
http://akvo.org/products/akvoflow/
GNU Affero General Public License v3.0
65 stars 31 forks source link

Remove Google maps key #3804

Closed kardan closed 2 years ago

kardan commented 3 years ago

Context

We recently got an email from Google saying we got an api key committed to source (https://github.com/akvo/akvo-flow/blob/1b892b0d8fe92c082c5204eaf8ce046ccb4e80f7/Dashboard/app/js/lib/main.js). This was added a very long time ago in 2013. We investigated the issue and the key lives on an account related to billing and that account details now are added to 1password. The key is restricted for usage on Akvo domains. But only very early domains. To my understanding Google maps are not used on any Flow instance at the moment.

Problem or idea

We should delete the key from source.

Solution or next step

We could adopt https://github.com/akvo/akvo-flow/blob/master/GAE/src/org/waterforpeople/mapping/app/web/EnvServlet.java and expose a possible api key. But, if no one is using Google maps then do we really need to generate a key? Maybe it's just to remove the key from source and maybe also retire the API key if it's not used.

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.