Swetha Subramanian     About     Research     Archive     CV     Portfolio

Hiding API keys and tokens

Every body who used an API has encountered the words ‘keys’, ‘tokens’ and ‘secrets’. It is important to keep these hidden to protect your access to these APIs from data villains (Maybe..I don’t know. I read some where that you needed to hide these.)

As a rabid git user, I soon started running into the possibility of commiting my scripts with secrets, tokens and keys all out in the open. So I started looking into hiding these. There are a lot of methods mentioned by internet people but adding them as environmental variables worked for me. I am posting the-how here as a note to myself. Note I use OSX Yosemite.

Add the keys, tokens etc as environmental variables to your .bash_profile. Run a locate command to find it first.

Append the key at the end of the file like this

echo export $KEYNAME=$KEYVALUE >> $PATH/.bash_profile

You might need to logout and log back in for it to become active. Or just execute the following command.

 source $PATH/.bash_profile

Type env at terminal to see if your variable is listed there.