API key is written to initializer

Question

API key is written to initializer

mcfiredrill opened this issue 8 years ago · 2 comments

When running the install command, the localeapp.rb initilaizer is created and my API key is also written to it.

Its generally not a good idea to save secrets like your API key in your repository.
It would be nice if there should at least be a recommendation in the README for people to put the API key into an environment variable or something similar, use dotenv, etc.

Answer 1 · 2016-06-29T04:29:06.000Z

Hi @mcfiredrill,

Thanks for mentioning this, that's absolutely true: API keys should not be checked-in to the git repository.

I see 2 useful things that can be done here:

if a .env file is detected (used by dotenv, foreman, forego, etc...), add the API key as an environment variable to .env and use this environment variable in the initializer
otherwise, keep adding the API key to the initializer but add a warning output message (and maybe even a comment in the initializer)

We'll add this to our todo-list. Pull Requests are always welcome ❤️

Answer 2 · 2017-06-29T09:24:04.000Z

Fixed by #228
Thank you for your feedback !