How to securely store API keys

How to securely store API keys

Bruno Pedro Bruno Pedro

Bruno Pedro

25+ years professional experience, founder of several API companies, published author and speaker at API conferences.

发布日期: 2017年10月26日
+ 关注

In the past, I’ve seen many people use git repositories to store sensitive information related to their projects. Lately, I’ve also been seeing some people even announce that they’re storing API keys on their private GitHub repositories. I’m writing this article because I believe that people should understand the risks of storing API keys with your code.

This article is not intended to be read as a permanent solution to the problems you might have with storing API keys. Instead, it’s my own analysis of the problem and my suggestions on how to fix it. So, to begin with, what exactly is the problem with storing sensitive information near your code on a git repository?

Learn more why you shouldn't store API keys and secrets on both public and private repositories. Get to know solutions such as git-secret, BlackBox, and Docker secrets, that let you deal with the challenge of securely storing API keys and secrets.

Read the full, original article.


要查看或添加评论,请登录

Bruno Pedro的更多文章

  • Three Meaningful API Metrics
    2025年3月21日

    Three Meaningful API Metrics

    How can you improve an API if you’re not measuring its behavior? There’s no way to improve what you can’t measure…

    1 条评论
  • Data Models, Types, or Schemas?
    2025年2月14日

    Data Models, Types, or Schemas?

    This article was originally published in the API Changelog newsletter on February 14, 2025. Naming things is hard.

    2 条评论
  • Selectively Serving Your API Reference
    2025年2月8日

    Selectively Serving Your API Reference

    This article was originally published in the API Changelog newsletter on February 7, 2025. What are you looking for…

  • Are AI Agentic Workflows the Future of Automation?
    2025年1月30日

    Are AI Agentic Workflows the Future of Automation?

    This article was originally published in the API Changelog newsletter on January 30, 2025. Most integrations are just…

  • Non-technical API Design
    2019年9月3日

    Non-technical API Design

    Originally published on August 27, 2019, on my personal blog. Last week I published a tweet asking people that consider…

    2 条评论
  • What are Web APIs
    2017年11月13日

    What are Web APIs

    What exactly are Web APIs? Why are Web APIs so popular and widely used? Let’s first explore what APIs are so you can…

  • Best practices for securely storing API keys
    2017年10月31日

    Best practices for securely storing API keys

    In the past, I’ve seen many people use Git repositories to store sensitive information related to their projects…

  • 5 steps to API frustration
    2017年10月19日

    5 steps to API frustration

    This article is a satire that describes what often happens to developers that are looking for an API and want to…

  • API friction
    2017年10月18日

    API friction

    The concept of friction in products and applications is not something new and can be experienced by almost everyone…

  • Growing your business with an API
    2017年10月17日

    Growing your business with an API

    This article summarizes a talk I recently gave at the Nordic APIs Platform Summit in Stockholm, Sweden. The full title…

社区洞察

其他会员也浏览了