bookRa
commented
5 years ago I believe the main solution used in botBuilder locally is to use .env to store keys. I had just put my API key for the convenience of someone who wanted to clone it locally and try the bot... Currently my dotenv file is in gitignore so that would cause problems for someone who is cloning my repo.
For a bot that is deployed to Azure, there isn't that problem because the environment is secure while the bot can be communicated with across multiple channels.
There appear to be API keys checked in across two files:
Is there an alternate solution that might work better?