10 Replies
in the browser? No
you have to use something on the backend
oh
there is no way ?
There is no way, no. Front end code is always viewable by the client. If you need anything to be secret it has to be on the back end
aright
tnx for help
everything that runs in the browser is visible to everybody
also, even if you hide it, the key can be extracted from the network requests
also, if the api is written properly, your api key will only work for the ip of your server, to reduce the possibility of abuse
In short you cant escape from learning backend:linux:
There are some shortcuts for projects you’re adding to something like cloud flare or netlify, they have a drawer to store your environment variables eg secret keys. But otherwise yes you’ll need to put them on the backend. And I know openai will revoke your key if you try to just leave it in the front end and your GitHub repo is pushed with it.
as it should
secrets are supposed to stay secret, and only stay secret if they don't leave the backend and aren't publicly available
also, you want to implement things like caching and rate-limiting and re-shape the data to be easier to consume from the front-end
and you only do that from the backend too
For sure, was just warning OP if they just try to risk it and push as is, there’s a chance it will be revoked anyway. I’ve also struggled with figuring out how to safely store env vars so I empathize with OP. I’m terrible with backend
i know what you mean, storing secrets isn't fun
but it is necessary
i know that just shoving everything into the front-end is easier, but ...