71 | Secret Things, Env Vars, How to Handle API Keys Correctly

In this episode, James shares common mistakes people make with their API Keys and explains the appropriate way to handle them.SponsorsVercelVercel combines the best developer experience with an obsessive focus on end-user performance. Their platform enables frontend teams to do their best work. It is the best place to deploy any frontend app. Start by deploying with zero configuration to their global edge network. Scale dynamically to millions of pages without breaking a sweat.For more information, visit Vercel.comZEAL is hiring!ZEAL is a computer software agency that delivers “the world’s most zealous” and custom solutions. The company plans and develops web and mobile applications that consistently help clients draw in customers, foster engagement, scale technologies, and ensure delivery.ZEAL believes that a business is “only as strong as” its team and cares about culture, values, a transparent process, leveling up, giving back, and providing excellent equipment. The company has staffers distributed throughout the United States, and as it continues to grow, ZEAL looks for collaborative, object-oriented, and organized individuals to apply for open roles.For more information visit softwareresidency.com/careersDatoCMSDatoCMS is a complete and performant headless CMS built to offer the best developer experience and user-friendliness in the market. It features a rich, CDN-powered GraphQL API (with realtime updates!), a super-flexible way to handle dynamic layouts and structured content, and best-in-class image/video support, with progressive/LQIP image loading out-of-the-box."For more information, visit datocms.comShow Notes0:00 IntroductionYouTube Video RE: Mistakes People Make with API Keys6:42 API Keys7:37 Where do API Keys come from?8:57 Mistakes People Make with API Keys9:10 Mistake #1: Hard Coding the API Key Value11:45 Sponsor: Vercel12:53 Mistake #2: Adding an API Key to the .env file, but still exposing the key16:20 Mistake #3: Committing Your Key to Source Control17:59 What should you do about a leaked API key?19:38 Using .gitignore21:20 The Best Way to Handle Secrets22:57 Serverless FunctionsEpisode 57 - Authentication and Authorization and other Buzz Words29:55 Sponsor: ZEAL30:41 Where would you put a Bearer Token?31:40 Server Side Rendering33:49 Public API Keys37:20 Sponsor: DatoCMS38:13 Grab Bag Questions38:24 What's the best way to share environmental variables across different machines?38:35 What are the pros and cons of system environmental variables vs a KMS (Key Management System)?40:34 Picks and Plugs40:44 James's Pick: Sketcher's Tennis Shoes from Costco44:54 James's Plug: YouTube Video - 10 Things JavaScript Developers Have Stopped Doing45:26 Amy's Picks: James Clear 3-2-1 NewsletterAtomic Habits, by James Clear46:14 Amy's Pick: Keystone.js on Level Up Tutorials