Hide your API Keys with Netlify Functions

publié par Fabio Rosado le 8/16/2019

In March I published a tutorial on how to handle form submissions in Gatsby and using Airtable as your backend. I was pretty convinced that by hiding your API keys with process.env they would be hidden away from view.

The tutorials and the blog posts that I read, all said that your keys would be hidden if you just used process.env. In a way that is true and if you inspect the code on your browser the keys will be hidden.

Then Fran Caballero commented on my blog, saying that the keys would be shown in the network tab after you made the request. This happens because Airtable expects you to pass your API Key as a parameter in the header of your request.

As a reminder, the code from the tutorial looks like this:Read more