pdai1y / lita-destiny

Small lita.io handler for interacting with the Destiny API
MIT License

Protect secret Bungie API key in destiny_spec.rb #1

Open leftathome opened 9 years ago

leftathome commented 9 years ago

Even though there's not that much "damage" a bad actor could do with someone else's Bungie API key (besides maybe a DDoS?), it's still a secret that shouldn't be posted in a public repo. Best practice would be to store the API key in something like a documented environment variable that gets injected by Travis before it runs rake test.

At that point you would go to Bungie's API page, expire this key and generate a new one. That one would go into the Travis environment injector config page. Then all you need to do is update the README to note that people who want to run the specs need to supply their own API key in NAMED_ENVIRONMENT_VARIABLE.

pdai1y commented 9 years ago

Ahh yes, I looked over updating the specs with something like this since Bungie moved over to requiring a legitimate API key for each call. I'll get around to adding in what you've suggested as this key wouldn't work anyway (was just randomly generated to meet the 32-character requirement for supplying a key).

Thank you for the heads up!
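
The approach suggested in this thread, as an added example that is not code from lita-destiny or from either commenter: a spec helper reads the key from the environment and fails fast without echoing it, and a small scanner flags quoted 32-character literals left in spec files. The variable name is the thread's own placeholder; the alphanumeric pattern and all sample values are assumptions constructed for illustration.

```ruby
# Added example; not code from lita-destiny.
# The thread only names the variable as a placeholder, so it is kept as-is here.
API_KEY_ENV = 'NAMED_ENVIRONMENT_VARIABLE'
KEY_LENGTH  = 32 # length requirement mentioned in the thread

class MissingApiKey < StandardError; end

# Fetch the key from the environment (e.g. injected by CI before the specs run).
# Error messages name the variable but never include its value.
def bungie_api_key(env = ENV)
  key = env[API_KEY_ENV].to_s.strip
  raise MissingApiKey, "set #{API_KEY_ENV} to run the specs" if key.empty?
  unless key.length == KEY_LENGTH
    raise MissingApiKey, "#{API_KEY_ENV} must be #{KEY_LENGTH} characters, got #{key.length}"
  end
  key
end

# Keep only the first four characters so findings can be logged safely.
def mask(key)
  key[0, 4] + '*' * (key.length - 4)
end

# Assumption: a hardcoded key looks like a quoted run of exactly 32 alphanumerics.
HARDCODED_KEY = /(['"])([A-Za-z0-9]{32})\1/

# Return [line_number, masked_literal] for every key-like literal in the source text.
def hardcoded_keys(source)
  source.each_line.with_index(1).each_with_object([]) do |(line, number), found|
    line.scan(HARDCODED_KEY) { |_quote, literal| found << [number, mask(literal)] }
  end
end

# Constructed sample spec text; the key below is made up.
SAMPLE_SPEC = <<~'SPEC'
  describe 'destiny handler' do
    let(:bad_key)  { '0123456789abcdef0123456789abcdef' }
    let(:good_key) { ENV['NAMED_ENVIRONMENT_VARIABLE'] }
  end
SPEC

if __FILE__ == $PROGRAM_NAME
  hardcoded_keys(SAMPLE_SPEC).each { |number, literal| puts "line #{number}: #{literal}" }
end
```

Running `hardcoded_keys` over each spec file in CI catches a key that is re-added later, while `bungie_api_key` gives contributors a clear failure when the variable is unset.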