Skip to content
Sign upLog in
← Back to Community

Hiding API keys?

Profile icon
Dart

So in my recent post i uploaded a game that uses a json store key, the only problem is i cant put it in an env file or the game cant find the key if you open it in a new tab or from the post. is there something im missing or is it impossible to hide the key this way? lang is python btw

Answered by Highwayman [earned 5 cycles]
View Answer
Voters
Profile icon
HeinThantThant1
Profile icon
Navinor
Profile icon
Dart
Comments
hotnewtop
Profile icon
Highwayman

Why can’t it find it?

Profile icon
Dart

@Highwayman
because technically the repl hides the env file from anyone who dosent have assess to edit the code try using an env file in a repl and run the code in a new tab and you will see what i mean

Profile icon
Dart

@Highwayman
here is the same code using an env file to get the key https://Minigames-with-env-file.zexogon.repl.run

Profile icon
Highwayman

@Zexogon
hm.. but looking at the error it doesn’t look like it)s about the token being absent. Are you sure it’s .env that’s messed?

Profile icon
Dart

@Highwayman
i mean it works in the editor because i can edit the code and see the env file

Profile icon
Highwayman

@Zexogon
what is in this dB? Maybe you can make it local with just like two changes or something.

Profile icon
Dart

@Highwayman
a lot of stuff

Profile icon
Highwayman

@Zexogon
mmmm what kinds of stuff. Like categories.

Profile icon
Dart

@Highwayman
{"result":{"AutisTune":{"expiriance":0,"expiriancerequire":500,"lvl":0,"money":600,"username":"AutisTune","value1":0},"Dart":{"money":87,"username":"Dart","value1":1},"Debug":{"money":257,"username":"Debug","value1":0},"JDOG":

Profile icon
Dart

@Zexogon
thats a snippet of it

Profile icon
Highwayman

@Zexogon
none of it looks like sensitive information, so you might as well make a local dB. 🤷‍♂️

Profile icon
Dart

@Highwayman
ehhhhhh

Profile icon
Dart

@Highwayman
id rather just be lazy and leave it bee

Profile icon
Highwayman

@Zexogon
then why don’t you just let the key be public?

Profile icon
Dart

@Highwayman
thats what i did buuuuut someone could potentially wipe the dB

Profile icon
Highwayman

@Zexogon
ok then how about this. (It’ll reduce the amount of code you have to refactor.)

Make a module for normal local store.

Make that module have the exact same api that you are using with json store.

Replace your dB initialization with the new module’s initialization.

Boom. Your done.

Profile icon
Dart

@Highwayman
see i wasnt the one who did the dB in the first place so i dont know how to set that up xD

Profile icon
Dart

@Highwayman
ill look into it though thanks

Profile icon
Highwayman

@Zexogon
ok. All I mean is make the functions and stuff the same as json_store_client in terms of the name and how you call it, but the internal implementation is your own.

Profile icon
Dart

@Highwayman
ok ill try for the full release of the game :3

Profile icon
Highwayman
Profile icon
CrazyVideoGamer

@Highwayman
... um what does this mean? "local store"? Sorry

Profile icon
Highwayman

Think of it like this:
something like Google drive or jsonstore.io: remote database (not stored on the same machine as the code is running)
files: local database (stored in the same machine as the code is running)

like if you did

def store_info(data): file = fopen("save.txt","w") write(file, data) def get_info: file = fopen("save.txt","r" return read(file)

that's like the worlds worst local db, but yeah.

but if you did:

# this is an entirely fake module of course, but I think it's clear what it does... import http_request from request as fetch def store_info(data): fetch("https://some_remote_db_url.com", data, method="PUT") def read_info(): return fetch("https://some_remote_db_url.com", "", method="GET")

it would be a remote db.

I hope that's helpful...? Not sure how to properly eplain this lol. probably best if you look it up.


@CrazyVideoGamez