I've built a web application which uses spotify api and it uses client id and client secret which is present in main.py i.e on the backend side of my application to fetch data regarding songs. Now I want to deploy the app on heroku and want to know whether it will be safe to deploy it like this or should I move client id and secret somewhere else.

CodePudding user response：

Don't include the client id and the cilent secret into the code. Just add there a comment and the user can just add his own secrets.

CodePudding user response：

You can do few things here:

1. Store your client_secret within an environment variable source
2. Use some kind of secure storage to save it as Azure KeyVault an then retrieve it directly from your code