Keep API Key secret
complete
M
Maxime Beugnet
I am using an external API Key which I stored in my Stitch Values and I also use a public Github repository to save my project.
Just like my Google Auth Token and Twilio Token are secrets, I would like to keep this API Key secret from the stich-cli import/export feature.
At the moment, the only workaround available is to override the "values/my_value.json" file with a dummy API Key every time I do a stitch-cli export so I can hide the real API Key value and avoid sharing it publicly.
Drew DiPalma
complete
Hi Folks – With our latest release we now have the concept of 'Secrets' within Stitch. These will allow you to work alongside values with sensitive details such as API Keys.
Documentation: https://docs.mongodb.com/stitch/values/
Bertrand THOMAS
I think it's ok now, we can store the secret value in "Secret" and reference it in the Value. Just did it and it's as I was expected!
Drew DiPalma
Drew DiPalma
Hi Sander – While we don't allow Stitch Values to be accessed via SDK, we are also working on an additional improvement to help hide sensitive values like API keys.
M
Maxime Beugnet
Awesome, thanks Drew!
Drew DiPalma
in progress
We have started broader work on improving code deployment that will also cover this functionality.
Drew DiPalma
planned
Hi Maxime – We are in the planning stages of an improvement that will address this.