How should I store my API key on Heroku so that it still stays secret instead of embedding in web page code

I have built a Flak app, locally I have stored it as environment variable, but I do not know how should I store my API key on Heroku so that it still stays secret instead of embedding in web page code?

Solution

You can store your api-key as environment variables as these are perfectly secure:

go to you local folder and run heroku config:set key_one=value_one key_two=value_two and more.

Note: run above commands in the same folder which points to your repository.

once you set the environment variable you can access this key value pair in you code directly as:

var api_key = process.env.key_one;

Examples of Ruby on rails + aws congnito
How should I set my DATABASE_URL?
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Permission denied (publickey) when deploying heroku code. fatal: The remote end hung up unexpectedly
why my cli give an error when I pushing my app?
Failed openWeatherMap API call
Heroku Rails deploy fails with error "could not connect to server: Connection refused"
Running Django custom manage.py task on Heroku - Importing Issues
zsh: parse error near `\n' when Adding AWS keys as environment variables
Connect an Authenticator App with Heroku results in "That code is invalid or expired. Try another."
Nginx reverse proxy to Heroku fails SSL handshake
Permission Denied While Running .sh Script in Docker Container with Heroku Dyno Deployed with Github Actions
IP Address Mismatch on signing into Heroku CLI
How do I access a private github repo from heroku?
Migrate PostgreSQL database from Heroku to Railway
Resource 'corpora/wordnet' not found on Heroku
Heroku: How to release an existing image in gitlab CI/CD?
Django Celery Redis
getting YN0028 The lockfile would have been modified by this install, which is explicitly forbidden. using yarn berry and heroku
Heroku Nodejs app with R10, H10 and H20 errors
The argument 'path' must be a string, Uint8Array, or URL without null bytes. Received '\x00@astro-page:astro/assets/endpoint/node' on Heroku deploy
How to hide databases that I am not allowed to access
Where do I get a CPU-only version of PyTorch?
Django email sending on Heroku
'matplotlib' has no attribute 'cm' when deploying an app
Inconsistent ClassCastException for XmlBeans.Factory parse method
Settings.py cannot find psycopg2... squlite3 and postgresql problem... no such table: auth_user
Permission problem with heroku stack build locally with docker compose on ubuntu 24.04
How do I get my heroku app's node version?
Getting ERR_MODULE_NOT_FOUND in my Heroku App but working fine in localhost