API keys and password Security

Hi There!
How can I protect my API keys and password written in the code of a public repository?

Don’t put them in code, use a credential/key vault :slight_smile:


Hi guys, on the same topic. Would it be possible to make it work on the published link? I created a js file with the key and added to .gititgnore which works fine locally but on GitHub preview it doesn’t work…

You mean it was added to the repo and already exposed?

If so then your only choice is to remove it and re-write the repo history (https://rtyley.github.io/bfg-repo-cleaner/). As well as changing it to a new value.