Googlemap API Keys

[opalepatrick]

I am looking to hide a googlemap api key from general source code. The first suggestions were to use an environmental variable, then because that doesn't hide the info to then encrypt it. Others have suggested using a config file. (Can I put an array in the config file?) 

What do you guys do to hide API keys from general source code like this?

[teppo]

Perhaps we're talking about different things here, but isn't the API key for Google Maps included when loading the maps library -- i.e. it has to be visible in the HTML source as-is?

[LostKobrakai]

There are various different maps api's, so it might not be the one for the javascript map. 

On topic: You can store the key in any place you can exclude from source control, which is readable by php. The most common ones are probably .env files/ENV variables, or a config-something.php, which you include in your main config.php.

[monchu]

1 hour ago, opalepatrick said:

I am looking to hide a googlemap api key from general source code. The first suggestions were to use an environmental variable, then because that doesn't hide the info to then encrypt it. Others have suggested using a config file. (Can I put an array in the config file?) 

What do you guys do to hide API keys from general source code like this?

You don't have to hide it. In your Google Console Panel just add the domain name URL with wild card or only certain url addresses for that API.

[arjen]

If you use the JS API no need to hide. Just make sure you disable use on other domains.

[opalepatrick]

Thanks a lot. I thought I was over-complicating things . That scenario, Arjen, is the setup I use in the console. I just got a bit twitchy because of the points on this page - https://support.google.com/googleapi/answer/6310037?hl=en-GB - Thanks everyone for responding so quickly.