How to handle private keys.
Hi,
I have a question. I want to do a
POST request to my server with my API key from my .env.
I added the key to my runtimeconfig (see screenshot).
I uploaded the website to Netlify, set there my env vars, and tried to POST my function. But I get a 403 because my key isn't pushed? What am I missing?
When I paste the key as a string in my const client = .... everything works fine.
11 Replies
Where do you create the client?
Private keys are only available on server side
In my
register.vue
How can you do it else than?Well
Either publish the key or write a “wrapper API” via nitro
Should the token be secret?
Yes
I thought you could "just" add .env. variables in netlify and then use process.env.KEY
And call those in your /pages/template.vue
The point is
If you need to call that on the client side, there is no way without storing the key in the frontend
or calling an API which “Proxies” the request to directus with the key
The latter will keep your keys safe
Why does the key need to be secret? What kind of token is it?
In this particular case it doesn't need to be secret
But say we use an API key of Mapbox or so
Then you want that secret because otherwise anyone can use your token
How would you handle with that case? @manniL / TheAlexLichter
Do something like this? https://stackoverflow.com/a/69624163
Stack Overflow
How to use a private API key with Nuxt (on the client)?
Problem Solved
If you're struggling with the same issue, look at the accepted answer which is one way to achieve it by using serverMiddleware
I'm using an API which required a private key. I've st...
You usually have a domain lock on these
Yes, kinda
Unknown User•2y ago
Message Not Public
Sign In & Join Server To View
Yes. Same idea!
I found the Nuxt API Party module to be great for handling secret API keys. You could look into that.