I am using Ghost. I made an integration and I would like to hide the API key from the front end. I do not believe I can set restrictions on the Ghost CMS (that would also work). I also believe page.js files are run in the browser as well, so I'm a little confused about how to achieve this.
CodePudding user response:
You don't need to hide the key.
These keys are safe for use in browsers and other insecure environments, as they only ever provide access to public data.
CodePudding user response:
The internal SvelteKit module $env/static/private (docs) is how you use secure API keys. SvelteKit will not allow you to import this module into client code, so it provides an extra layer of safety. Vite automatically loads your environment variables from .env files and process.env on build and injects your key into your server-side bundle.
import { API_KEY } from '$env/static/private';
// Use your secret
SvelteKit has 4 modules for accessing environment variables:
- $env/static/private (covered)
- $env/static/public: accessible by server and client and injected at build (docs)
- $env/dynamic/private: provided by your runtime adapter; only includes variables that do not start with your public prefix, which defaults to PUBLIC_, and can only be imported by server files (docs)
- $env/dynamic/public: provided by your runtime adapter; only includes variables that do start with your public prefix, which defaults to PUBLIC_ (docs)
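A server-only load built on the $env/static/private approach from the second answer, as an added example that is not part of the original answers. The variable names GHOST_URL and GHOST_KEY, the route path and the loadPosts helper are assumptions; the endpoint is Ghost's Content API posts route.

```javascript
// Added example. In a real project this logic lives in
// src/routes/blog/+page.server.js (route path is an assumption):
//
//   import { GHOST_URL, GHOST_KEY } from '$env/static/private'; // names assumed
//   export const load = ({ fetch }) =>
//     loadPosts({ fetch, apiUrl: GHOST_URL, apiKey: GHOST_KEY });
//
// +page.server.js runs only on the server. +page.js also runs in the browser,
// which is why SvelteKit rejects the $env/static/private import there.

async function loadPosts({ fetch, apiUrl, apiKey }) {
  if (!apiKey) throw new Error('Ghost API key is not configured');

  // The key travels as a query parameter, so the request has to be issued
  // server-side to keep it out of the browser's network tab.
  const url = new URL('/ghost/api/content/posts/', apiUrl);
  url.searchParams.set('key', apiKey);
  url.searchParams.set('fields', 'title,slug,excerpt');
  url.searchParams.set('limit', '5');

  const res = await fetch(url.toString());
  if (!res.ok) {
    // Report the status only: the request URL contains the key.
    throw new Error(`Ghost request failed with status ${res.status}`);
  }

  const body = await res.json();
  // Whatever load() returns is serialized into the page, so return an
  // allow-list of fields rather than the raw upstream response.
  const posts = (body.posts ?? []).map(({ title, slug, excerpt }) => ({
    title,
    slug,
    excerpt
  }));
  return { posts };
}
```

The data returned from load is sent to the client, so the key must never be included in it or in an error message.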