Preventing the public from seeing my server.js file


#1

I have a file called server.js in my Glitch project that contains a private key that the public should not have viewing access to. Is there a way to make sure that only I and collaborators can see what’s in this file? Thanks!


#2

Hi @scheerio there absolutely is! You should put your key in the .env file in your project and then access it from Node using process.env.{variable_name} where {variable_name} is whatever you call your private key info in .env. Anyone viewing your project will be able to see the name of the variable but not it’s value - only collaborators you’ve invited will be able to see the value, and remixes from your project will also get a copy of your .env file with the values removed.

You can read a little more about it in our help docs.

As a precaution, if your key has been exposed publicly I’d advise you to change it after you removed it from your server.js file.

Let us know if you have further questions.