Hide API Keys from Git and GitHub

Note that if you have already accidentally committed sensitive info to your git history, it is possible to clean the sensitive data out of the history. It just takes a Google search and you'll find forum posts about it.

  1. Before doing your first git add . you want to take these steps.
  2. Create a file called sensitiveInfo.js, or some name like that.
  3. In this file, sensitiveInfo.js, put the apiKey variables and other sensitive info that you want to keep private:


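// sensitiveInfo.js: top-level declarations are visible to the scripts loaded after this one
const myApiKey = "aa55jjcc3322e";

const myPassword = "33eeff4422";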

  4. Make sure to include the <script src="sensitiveInfo.js"></script> tag above all other .js scripts, so that the variables you defined in ./sensitiveInfo.js will be available to the scripts below it.

  5. Now that you have created the JavaScript file that contains the sensitive info, you just need to create a .gitignore file, for example by running touch .gitignore in the terminal. The . in front of .gitignore makes the file hidden. You can still see it in your code editor, or from the terminal with ls -a.

Inside the .gitignore file, add the file or folder name(s) that you want to hide from git.



That's all you have to do: put the filename(s) of the stuff that you want to hide from git in the .gitignore file. If the file or folder you are hiding from git happens to be nested in another folder, put a / after the last character in the file name, so for example sensitiveInfo.js/

Now that you have created a .gitignore file and added the file/folder name(s) to it, you're good to go.

You should notice that when you do your first git add . and git commit, the sensitiveInfo.js file is not included in the git history, and that when you push to GitHub, the file/folder(s) you put in the .gitignore file will not be in the GitHub repo.
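To confirm that result before pushing, the following shell script (an added example, not part of the original post) builds a throwaway repository and reports whether a given .gitignore pattern keeps the file out of git add . The nested folder src/config/ and the file contents are constructed for the demonstration. Git matches a pattern that ends in / against directories only, so that form is checked as well.

```shell
#!/bin/sh
# Added example: check in a throwaway repo whether a .gitignore pattern
# really keeps the secrets file out of the index after `git add .`.
# The nested path src/config/ and the file content are constructed.

# check_ignored PATTERN PATH
# Prints "ignored" if PATH stays out of the index, "TRACKED" if git
# staged it, or "error" if git could not run.
check_ignored() {
    pattern=$1
    path=$2
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 0
        git init -q . >/dev/null 2>&1
        mkdir -p "$(dirname "$path")"
        printf 'myApiKey = "constructed-sample"\n' > "$path"
        printf '%s\n' "$pattern" > .gitignore
        if ! git add . >/dev/null 2>&1; then
            echo "error"
        elif git ls-files --error-unmatch -- "$path" >/dev/null 2>&1; then
            echo "TRACKED"
        else
            echo "ignored"
        fi
    )
    rm -rf "$repo"
}

# A bare file name in .gitignore matches at every directory level.
echo "pattern sensitiveInfo.js,  file at top level: $(check_ignored 'sensitiveInfo.js' 'sensitiveInfo.js')"
echo "pattern sensitiveInfo.js,  file in src/config: $(check_ignored 'sensitiveInfo.js' 'src/config/sensitiveInfo.js')"
# A trailing / restricts the pattern to directories, so a file is not matched.
echo "pattern sensitiveInfo.js/, file in src/config: $(check_ignored 'sensitiveInfo.js/' 'src/config/sensitiveInfo.js')"
```

In your own project, git check-ignore -v sensitiveInfo.js prints the .gitignore line that matches the file, or nothing when the file is not ignored.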

Be sure to document the variable name(s) and where to get the keys, or what info needs to go in the specified variable(s), so that other devs can use their own sensitive info when working with your code.
