

Ask HN: How do you track your API keys from ending up on GitHub? - rgovind

I have seem many people leave twiiter, yelp, rotten tomatoes API keys on open forums like Github.  Is it aceepatbe if you are the API provider? What problems do you see?<p>Do you know how to mitigate&#x2F;detect this situation?
======
SEJeff
Pretty simply actually. I very strongly suggest rhat you and your entire team
read the 12 factor app methodology and take it to heart, especially section 3.

[http://12factor.net](http://12factor.net)

------
lstrope
Use environment variables and set those env vars on each machine that needs
API access.

I am assuming you need a server side solution.

------
boolean
Take a look at git-crypt. It enables encryption and decryption of files in
your repository.

