I have a JS app - a newsletter signup form using mailchimp. It requires mailchimp api key and audience key which I had included in the app. I uploaded to github and that updates heroku and the app worked fine on heroku, briefly. Then mailchimp emailed me to say they had detected I had made api key public so disabled it. Git repository is public - guess I could make private as an option.
I figured I could put the keys into a config.json file and have the script get the info from there. Thats what I tried and put that filename into .gitignore so this would not go to github. However since heroku updates from github, it cant find the config.json file. If I dont put that file into .gitignore then the config.json file will be on github and again my api key will be public.
What should I be doing to keep api keys confidential while still being able to use github to update heroku?
CodePudding user response:
What you are looking for are config variables After you added them you can load them just like any other environment variables.
