Hiding Sensitive Info in React and Rails

In order to secure sensitive information such as API keys from other people’s eyes, it is imperative that you hide them from your public repository. You do not want your keys visible in any of your public commits. There are simple processes you can take to hide sensitive information in both your React frontend application as well as your backend Rails application.

Hiding API Keys in React

There is a very simple way to hide your API keys if you built your React application using create-react-app:

  1. Create a new file named .env in the root of your React application.

Hiding Keys/Secrets in Rails

This example is how I hide my Github Key and Secret when utilizing Omniauth for third party user authentication:

  1. Add dotenv-rails to your Gemfile. Then run bundle install.

Using Hidden Keys in Heroku

In order to utilize your API/hidden information when your app is deployed live, follow these steps:

  1. Once your app is successfully deployed on Heroku, click on the Settings tab.

That’s it!

Find me on Github:

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store