Hey everyone,
I’m stuck and could use some advice. I’ve got this website up on GitHub Pages, and it’s supposed to grab info from my Airtable database. But now Airtable’s making us use these personal access tokens to get the data. I’m scratching my head trying to figure out how to make this work without sticking the token right in my repo or on the website itself.
Does anyone know a good way to handle this? I was thinking maybe GitHub Codespaces might help, but I’m not sure. Is there a better option I’m missing?
I really don’t want to expose my token, but I also need my site to keep working. Any tips or tricks would be super helpful. Thanks in advance!
I’ve dealt with this exact problem before, and I found a neat workaround. What I did was set up a small backend service on a platform like Heroku or Vercel. This service acts as a middleman between your GitHub Pages site and Airtable.
Here’s how it works: Your backend service holds the Airtable token securely. When your GitHub Pages site needs data, it sends a request to your backend service. The service then uses the token to fetch data from Airtable and sends it back to your site.
This way, your token never leaves the backend, and your GitHub Pages site can still get the data it needs. It’s a bit more complex to set up initially, but it’s way more secure than exposing your token directly.
Just remember to set up proper authentication between your site and the backend service to prevent unauthorized access. It’s an extra step, but it’s worth it for the peace of mind.
Hey Ethan, try using a serverless function (AWS Lambda or the like) as a secure proxy. It stores your token and proxies Airtable requests to your site, keeping the token hidden. Hope it helps!
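The proxy pattern described in the two replies above, sketched as an added example that is not part of the original thread. The function names, the `cfg` fields and the injectable `fetchImpl` are assumptions made for illustration; the Airtable URL shape and the `Authorization: Bearer` header follow Airtable's REST API.

```javascript
// Added example: proxy logic that keeps the Airtable token server-side.
// All names here (planUpstream, handle, cfg fields) are hypothetical.
// In a real deployment cfg.token comes from the platform's secret store,
// e.g. process.env.AIRTABLE_TOKEN, never from the repo or the page.

// Decide whether a browser request may be forwarded, and build the upstream call.
function planUpstream(req, cfg) {
  if (req.method !== 'GET') return { status: 405, error: 'read-only proxy' };
  if (req.origin !== cfg.allowedOrigin) return { status: 403, error: 'origin not allowed' };
  if (!cfg.allowedTables.includes(req.table)) return { status: 404, error: 'unknown table' };
  return {
    status: 200,
    url: `https://api.airtable.com/v0/${cfg.baseId}/${encodeURIComponent(req.table)}`,
    headers: { Authorization: `Bearer ${cfg.token}` }, // token is attached only on the server
  };
}

// Handle one request; fetchImpl is injectable so the logic can run offline.
async function handle(req, cfg, fetchImpl = fetch) {
  const plan = planUpstream(req, cfg);
  const cors = { 'Access-Control-Allow-Origin': cfg.allowedOrigin, Vary: 'Origin' };
  if (plan.error) return { status: plan.status, headers: cors, body: { error: plan.error } };
  const upstream = await fetchImpl(plan.url, { headers: plan.headers });
  if (!upstream.ok) return { status: 502, headers: cors, body: { error: 'upstream error' } };
  const data = await upstream.json();
  // Return only the fields the page needs, not Airtable's full response.
  const records = (data.records || []).map((r) => ({ id: r.id, fields: r.fields }));
  return { status: 200, headers: cors, body: { records } };
}
```

The Origin check and CORS header stop other sites' pages from using the proxy in a browser, but they are not authentication, since a non-browser client can send any Origin. The read-only method check and the table allowlist are what bound the data any caller can reach.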
I’ve encountered a similar issue with API keys and GitHub Pages. One effective solution is to use environment variables in combination with a CI/CD pipeline. You can securely store your Airtable token as a secret in your GitHub repository settings, then set it as an environment variable during the build process. This way, your token remains protected while still allowing your site to access Airtable data.
For implementation, you’d need to adjust your build script to inject the token into your JavaScript at build time, rather than runtime. This approach requires a bit more setup but provides a good balance of security and functionality for static sites like those on GitHub Pages.