API leaked in server side (accidentally)

Hi there,

I was hard coding some API keys in my server code after discovering App Secrets.

Now I realise that someone has been using my API key, which I only posted there.

Is the server code safe from any external user? Would it mean that someone could access the server code?

Regards

My understanding is that the server side is not accessible by the client. But if there is a method that sends that API request to the client with the API key in the request, the client will be able to see the key.

2 Likes

Thank you for the response.

I already found that I leaked my API key by mistake when sharing my project.

Bear that in mind when sharing your code with others!

2 Likes

Sorry to hear that!

I have definitely been there. I would suggest looking into Anvil Docs | Encrypting Secret Data Documents. It allows you to share your application without worrying about all your sensitive keys.

For anyone later reading this who tldr’d the Docs link above, the cliffnotes version is:

  1. Install The Secrets Service in your app
  2. Put your API keys in the secrets service with a “Name” for that secret.
    (Like ‘StripeAPIkey’ or something)
  3. When connecting with the API inside the app server module, use something like:
    anvil.secrets.get_secret('StripeAPIkey')
    to retrieve the secret information.

This way, even if you share your app or you make a git clone public, there's nothing for anyone to have access to, unless they already have access to your Anvil IDE.
(…by then everything would be up for grabs at that point so who cares)

3 Likes
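
A pre-share check for the mistake discussed in this thread, as an added example that is not part of any post above and is not Anvil's own code: it parses a server module and reports where a secret-looking name is given a string literal instead of a value from `anvil.secrets.get_secret`. The function name, the name pattern, the sample module and its `call_stripe` helper are assumptions made for illustration, and the key strings are constructed.

```python
import ast
import re

# Names that usually hold credentials (assumed heuristic; tune it for your app).
SENSITIVE_NAME = re.compile(r"(api_?key|secret|token|passw)", re.IGNORECASE)

def find_hardcoded_secrets(source, filename="<server module>"):
    """Return sorted (line, name) pairs where a secret-looking name gets a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        pairs = []
        if isinstance(node, ast.Assign):
            # Covers `NAME = "..."` and `obj.attr = "..."`.
            for target in node.targets:
                name = getattr(target, "id", None) or getattr(target, "attr", None)
                pairs.append((name, node.value))
        elif isinstance(node, ast.keyword):
            # Covers keyword arguments such as `f(api_key="...")`.
            pairs.append((node.arg, node.value))
        for name, value in pairs:
            if (name and SENSITIVE_NAME.search(name)
                    and isinstance(value, ast.Constant)
                    and isinstance(value.value, str) and value.value):
                findings.append((value.lineno, name))
    return sorted(findings)

# Constructed server module: one key pasted in, one read from the Secrets service.
SAMPLE = '''\
import anvil.secrets
import anvil.server

STRIPE_API_KEY = "CONSTRUCTED-NOT-A-REAL-KEY"      # travels with every shared copy

@anvil.server.callable
def charge(amount):
    key = anvil.secrets.get_secret('StripeAPIkey')  # only the secret's name is in the code
    return call_stripe(amount, api_key=key)

def legacy(amount):
    return call_stripe(amount, api_key="CONSTRUCTED-ALSO-NOT-REAL")
'''

if __name__ == "__main__":
    for line, name in find_hardcoded_secrets(SAMPLE):
        print(f"line {line}: {name} is a string literal; move it to the Secrets service")
```

A key that was already shared should still be revoked and reissued at the provider, since removing it from the code does not invalidate copies that are already out.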