Closed vaibhavsingh97 closed 6 years ago
Considering the fact that your package is live and anyone can install it and use your API key, I don't see the point of hiding it on GitHub. The worst that could happen is someone will use your key in their apps, but because it's freely available, why would they do so? Simply mention the API service link and steps to create an API in case someone wants to extend the project or use it in their own. Then we can remove it from gitignore and the Travis build will work. 🚀 Once we figure out a way to generate an API key for users, which is unlikely for this project because of the underlying service, we can always hide it again. Think about it.
@jatin69 You are right, at least we can prevent from exposing who will install the new package. I am looking for alternatives we can hide it anyway. Let's see if anyone has a better solution.
> Simply mention the API service link and steps to create an API in case someone wants to extend the project or use it in their own
Yes, I will add it. You can request your API key, but it takes 7-10 days to get delivered in the mail after you request an API key. 😅
This SO post might help.
@jatin69 Thanks for the link and now Travis Build is passing 🎉
We can close this issue now if it's done. 😄
Closing since it is resolved by https://github.com/vaibhavsingh97/random-word/commit/ce30a78cc0424ea1991795dea6fc0573e2338058
Describe the bug: An API key should not be exposed to the public.
To Reproduce: Right now I am maintaining config.py to use the API key, and added it to gitignore https://github.com/vaibhavsingh97/random-word/blob/759d68455c9d938e739e006013a37a61aa2a1ffa/.gitignore#L106 This is the reason the Travis CI build is also failing (https://travis-ci.org/vaibhavsingh97/random-word)
Expected behavior: There should be some way we can use the API key when the package is run, else it's encrypted and has no value to the public
Additional context: Adding JWT authentication and we can have API key without exposing to the public