I am using ghost, i made an integration and i would like to hide the api key from the front-end. I do not believe i can set restrictions on the ghost cms (that would also work). And i do believe so page.js files are run on the browser also, so im a little confused on how to achieve this?
CodePudding user response:
You don't need to hide the key.
These keys are safe for use in browsers and other insecure environments, as they only ever provide access to public data.
CodePudding user response:
The interal sveltekit module $env/static/private (docs) is how you use secure API keys. Sveltekit will not allow you to import this module into client code so it provides an extra layer of safety. Vite automatically loads your enviroment variables from .env files and process.env on build and injects your key into your server side bundle.
import { API_KEY } from '$env/static/private';
// Use your secret
Sveltekit has 4 modules for accessing enviroment variables
$env/static/private(covered)$env/static/publicaccessiable by server and client and injected at build (docs)$env/dynamic/privateprovided by your runtime adapter; only includes variables with that do not start with the your public prefix which defaults toPUBLIC_and can only be imported by server files (docs)$env/dynamic/publicprovided by your runtime adapter; only includes variables with that do start with the your public prefix which defaults toPUBLIC_(docs)