Tags: javascript, html, github, github-pages, github-api

How to hide a PAT in a JS file to host it on GitHub Pages


I have a simple HTML page that connects with a JS file and makes API calls to the GitHub API. Although it works very well in my local environment, as soon as I push the repository to GitHub, my PAT (Personal Authentication Token) on GitHub expires, as it is now exposed to the public. And my HTML webpage goes down, as it is now not authenticated to make calls to the API. How can I solve this issue? I want to host my HTML and JS files online, but there is no way I can hide the PAT, as it's only JavaScript and not Node.js, so there is no dotenv. Is there any way?

I tried to change the API key to a PAT, as ChatGPT suggested, but it expires as soon as I push to GitHub.


Solution

  • There's no secure way to store secrets such as a PAT in a static site, such as one hosted on GitHub Pages. The reason is that you send all the content in the static site to the user, and the user should not have the secret. Obfuscating it is not sufficient, since it's easy to extract.

    If you want to use a PAT or other secret, then a backend server is required to do this securely, since the secrets must be stored there.
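
The backend the answer calls for, as an added example that is not part of the original answer: a small Node.js proxy that keeps the PAT in the server's `GITHUB_TOKEN` environment variable and forwards only allowlisted read-only GitHub API routes. The origin `https://example.github.io`, the route allowlist, port 8080 and the `--serve` flag are assumptions for illustration.

```javascript
// Added example: the PAT never ships to the browser; it is read from the
// server's environment and attached only to allowlisted upstream requests.
const ALLOWED_ORIGIN = "https://example.github.io"; // hypothetical Pages origin
const ALLOWED_ROUTES = [                            // assumed read-only routes
  /^\/users\/[A-Za-z0-9-]{1,39}$/,
  /^\/users\/[A-Za-z0-9-]{1,39}\/repos$/,
];

// Map a browser request onto a GitHub API request, or return null to refuse.
// Only the normalized path is forwarded; the query string is dropped.
function buildUpstreamRequest(method, rawUrl, token) {
  if (method !== "GET" || !token) return null;
  const url = new URL(rawUrl, "http://proxy.invalid"); // resolves ../ segments
  if (!ALLOWED_ROUTES.some((re) => re.test(url.pathname))) return null;
  return {
    url: "https://api.github.com" + url.pathname,
    headers: {
      Authorization: `Bearer ${token}`,
      Accept: "application/vnd.github+json",
      "User-Agent": "pages-proxy-example",
    },
  };
}

async function serve(port) {
  const http = await import("node:http");
  const token = process.env.GITHUB_TOKEN; // set on the server, never committed
  if (!token) throw new Error("GITHUB_TOKEN is not set");
  http.createServer(async (req, res) => {
    const upstream = buildUpstreamRequest(req.method, req.url, token);
    if (!upstream) {
      res.writeHead(403).end("route not allowed");
      return;
    }
    try {
      const r = await fetch(upstream.url, { headers: upstream.headers });
      res.writeHead(r.status, {
        "Content-Type": "application/json",
        "Access-Control-Allow-Origin": ALLOWED_ORIGIN,
      });
      res.end(await r.text());
    } catch {
      res.writeHead(502).end("upstream error");
    }
  }).listen(port);
}

// Start the server only when asked, e.g. `node proxy.js --serve`.
if (process.argv.includes("--serve")) serve(8080);
```

The static page then fetches from the proxy's URL instead of `api.github.com`. Since the proxy is reachable by anyone, the route allowlist and a PAT with minimal scopes bound what a caller can do with it; the CORS header is not access control.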