How To Lock Down Your Api_key and Why It’s Important

Run your app without specifying API keys in the code

Photo by Jon Moore on Unsplash

Do you leave your keys inside your car in a big parking lot? No? Then why do you expose your api_key in your GitHub projects?

Deploying apps using Cloud services is the norm but it comes with security complexities. Cloud services require credentials, often in the form of API tokens.

Sneaky hackers search for these tokens to use as computing resources for mining cryptocurrency or to access sensitive data.

A common practice is scanning the web and public tools, such as GitHub, in the search of API keys which are unknowingly publicly accessible. This presents significant risks to both users and Cloud-service providers.