The key I'm talking about is
<script src="https://maps.googleapis.com/maps/api/js?key=PUT_YOUR_API_KEY_HERE"></script>
I would like to commit my file with the key so that users will be able to use my Google Map straight away.
Asked
Active
Viewed 4,313 times
2
Matt Komarnicki
- 5,198
- 7
- 40
- 92
3 Answers
11
If you configure the referrers for your Google Maps Javascript API v3 key such that it only works on sites you own, there is no security issue with making it publicly available. You have to do so when you put it in a publicly available web site.
geocodezip
- 158,664
- 13
- 220
- 245
-
Can you go into detail on how I could restrict it? – xjcl Jul 21 '21 at 22:12
-
That is another, new (and probably duplicate) question. It is described in the documentation, on the page where you create the restrictions. If you are having issues, describe them and provide details on your research, what you tried that didn't work. – geocodezip Jul 22 '21 at 02:12
-
Then why does github mark it as a security vulnerability? – Ozymandias Jun 06 '22 at 21:37
-
A key that is not restricted in a public github repository could be exploited. Is that github warning specific to google maps? or to any key in the source? – geocodezip Jun 06 '22 at 21:42
-1
No, it not safe. I suggest you create a api key only for test purposes.
Ryniere Silva
- 443
- 2
- 9
-
So the answer is - yes I can, but that key should be different from the one I will use on the production, right? :) – Matt Komarnicki Oct 24 '15 at 00:48
-
Yes, the problem is other people using your key and consuming your quota. – Ryniere Silva Oct 24 '15 at 00:49
-2
No use a config file. It is not recommended to trust your api keys security on github even if its a private repo. There are bots crawling github repo's every second
elcapitan
- 145
- 1
- 2
- 13