AI AI Conversation Sharing

Discover and share amazing AI conversations

#environment variables

1 conversations

How do I securely store API keys in a Node.js app?

I'm building a Node.js app that calls the GitHub API, but I'm worried about hardcoding my personal access token. What's the safest way to handle API keys without checking them into Git?

Great question ??never hardcode API keys! The standard and secure approach is to use environment variables with a .env file (ignored by Git) and a package like dotenv. First, install dotenv: `npm install dotenv`. Then create a `.env` file in your project root with `GITHUB_TOKEN=your_actual_token_here`, and add `.env` to your `.gitignore`. In your app, load it early: `require('dotenv').config();`, then access it via `process.env.GITHUB_TOKEN`. For production, set the variable directly in your hosting environment (e.g., Heroku config vars or AWS ECS secrets). Bonus tip: Use short-lived tokens or fine-grained GitHub PATs with minimal permissions instead of classic tokens when possible.