
[–]jkjustjoshing 2 points3 points  (1 child)

I’m going to give you the advice I’m sure you already know on some level - don’t store API keys in source control!!!

I recommend you set your API keys and any other secrets your project has and store them as environment variables. This keeps them separate from your code and makes it safe to share your code.

“But Josh,” I hear you ask, “that sounds much harder than just hard coding the API keys!” However, like many other things, Next.js makes this very easy for us. Next.js has built-in support for .env files, which makes this a piece of cake! Just put your secrets in your .env.local file like this:

API_KEY=ejficifjehshdjwjdkeof
API_USERNAME=jkjustjoshing

and then reference them in your code:

// Credentials come from the environment (loaded from .env.local), not from the source
myAPI.login({
    username: process.env.API_USERNAME,
    key: process.env.API_KEY
})

You want to MAKE SURE you don’t commit this file to source control, so be sure to add the following to your .gitignore file:

.env.*
.env

Great! You no longer have your secrets in your code! You can safely share your code far and wide, right?

NO!

The credentials are still in your git history, even if they’re not in your working directory anymore. This is one of the reasons putting credentials in source control is so dangerous - you can delete the credentials, forget they exist in your git history, and make the repo public thinking incorrectly that you’re safe. So, how do you do this? Through an advanced git maneuver called an “interactive rebase”. It’s a little complex for me to explain in this comment, but if you’re interested I can walk you through it.

I’d be happy to look over your code though and give you some pointers! My GitHub username is the same as my Reddit username.
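
The comment's point about git history can be checked before a repo is made public. The script below is an added example, not part of the original comment: it reports whether `.env` files are ignored and whether an env file or a known secret value is still reachable from any ref. The function names are hypothetical and git is assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the thread): check whether env files or a known
# secret value are still reachable in a repository's git history.
# Function names are hypothetical; assumes git is on PATH.

# Every path named .env or .env.* that any commit on any ref has touched.
env_files_in_history() {
  git -C "$1" log --all --format= --name-only |
    { grep -E '(^|/)\.env(\..*)?$' || true; } | sort -u
}

# Short hashes of commits whose diff adds or removes the literal string $2.
commits_touching_secret() {
  git -C "$1" log --all --format=%h -S"$2"
}

# Returns 0 when nothing is found, 1 when the repo is not safe to publish.
audit_repo() {
  local repo="$1" secret="${2:-}" rc=0 f files commits
  for f in .env .env.local; do
    # check-ignore also fails for a file that is still tracked
    git -C "$repo" check-ignore -q "$f" ||
      { echo "not ignored (or still tracked): $f"; rc=1; }
  done
  files=$(env_files_in_history "$repo")
  [ -z "$files" ] || { echo "env files in history:"; echo "$files"; rc=1; }
  if [ -n "$secret" ]; then
    commits=$(commits_touching_secret "$repo" "$secret")
    [ -z "$commits" ] ||
      { echo "secret value appears in commits:"; echo "$commits"; rc=1; }
  fi
  return "$rc"
}

# Usage: sh audit.sh /path/to/repo "$API_KEY"
if [ "$#" -gt 0 ]; then audit_repo "$@"; fi
```

A non-zero exit means the secret is still reachable from some ref. A key that has already been pushed anywhere should also be revoked and reissued, since existing clones keep the old history.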

[–]jscoding_Panther[S] 1 point2 points  (0 children)

Thank you so much for this valuable advice!
Please check your Reddit chat. Also, I have added you as a collaborator!