jatin69
commented
6 years ago Considering the fact that your package is live and anyone can install it and use your API key, I don't see the point of hiding it in Github. The worst that could happen is someone will use your key in their apps, but because it's freely available, why would they do so? Simply mention the API service link and steps to create an API in case someone wants to extend the project or use it in their own. Then we can remove it from gitignore and Travis build will work. 🚀 Once we figure out a way to generate API key for users, which is unlikely for this project because of the underlying service, we can always hide it again. Think about it.
vaibhavsingh97
Describe the bug An API key should not be exposed to the public.
To Reproduce Right now I am maintaining
config.pyto use API key, and added to gitignore https://github.com/vaibhavsingh97/random-word/blob/759d68455c9d938e739e006013a37a61aa2a1ffa/.gitignore#L106This is the reason Travis CI build is also failing (https://travis-ci.org/vaibhavsingh97/random-word)
Expected behavior There should be someway we can use API key when the package is run else it's encrypted and have no value to the public
Additional context Adding JWT authentication and we can have API key without exposing to the public