Hey everyone,
I’ve got a website on GitHub Pages that gets data from Airtable. The thing is, Airtable now wants us to use personal access tokens for data queries. I’m not sure how to handle this without putting the token in my repo or on the site itself.
Does anyone know a good way to do this safely? I was thinking maybe GitHub Codespaces could help, but I’m not sure.
Any tips or tricks would be super helpful. Thanks!
hey, have u tried using environment variables? u can set them up in github actions and access em in ur build process. that way ur token stays hidden. just make sure to encrypt it in the repo settings. it’s a bit tricky to set up but works great once you figure it out
Consider implementing a backend service using something like Firebase Cloud Functions or Heroku. These platforms allow you to create a simple API that can securely store your Airtable token and handle requests from your GitHub Pages site. Your frontend would then communicate with this intermediary service instead of directly with Airtable. This approach adds an extra layer of security by keeping your token off the client-side entirely. It also gives you more flexibility to add additional logic or caching if needed in the future. While it requires a bit more setup initially, it’s a robust solution that scales well and keeps your sensitive data protected. Remember to implement proper CORS settings on your backend to ensure only your GitHub Pages site can access it.
I’ve faced a similar challenge with securing API keys for a static site. One approach that worked well for me was using a serverless function as a proxy. I set up an AWS Lambda function that holds the Airtable token securely. My GitHub Pages site then makes requests to this Lambda function, which in turn queries Airtable and returns the data.
This way, your token never leaves the server-side environment. It does add a bit of complexity and potentially some minimal costs, but it’s a solid solution for keeping your credentials safe. Plus, it gives you more control over rate limiting and caching if needed.
Another option to consider is using a service like Netlify or Vercel to host your site instead of GitHub Pages. They offer built-in environment variable management for API keys, which can simplify this process significantly.
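
The proxy pattern described in the replies above, sketched as a Lambda-style Node.js function. This is an added example, not code from any poster in the thread. The origin, table name, environment variable names and the API Gateway REST proxy event shape are assumptions.

```javascript
// Added example: Lambda-style proxy that keeps the Airtable token server-side.
// ALLOWED_ORIGIN, ALLOWED_TABLES and the env var names are assumptions.
const ALLOWED_ORIGIN = "https://example.github.io"; // placeholder Pages origin
const ALLOWED_TABLES = new Set(["Projects"]);       // hypothetical table name

const cors = { "Access-Control-Allow-Origin": ALLOWED_ORIGIN, "Vary": "Origin" };

// Pure decision step: returns either { reject, reason } or the upstream request.
function planRequest(event, env) {
  const headers = Object.fromEntries(
    Object.entries(event.headers || {}).map(([k, v]) => [k.toLowerCase(), v]));
  if (headers.origin !== ALLOWED_ORIGIN) return { reject: 403, reason: "origin not allowed" };
  if (event.httpMethod !== "GET") return { reject: 405, reason: "read-only proxy" };
  const table = (event.queryStringParameters || {}).table || "";
  // Allowlist instead of forwarding arbitrary paths: the proxy must not become
  // a general-purpose Airtable client for anyone who finds its URL.
  if (!ALLOWED_TABLES.has(table)) return { reject: 400, reason: "unknown table" };
  if (!env.AIRTABLE_TOKEN || !env.AIRTABLE_BASE_ID) return { reject: 500, reason: "not configured" };
  return {
    url: `https://api.airtable.com/v0/${env.AIRTABLE_BASE_ID}/${encodeURIComponent(table)}?maxRecords=50`,
    headers: { Authorization: `Bearer ${env.AIRTABLE_TOKEN}` },
  };
}

const reply = (statusCode, body) => ({ statusCode, headers: cors, body: JSON.stringify(body) });

// Entry point (API Gateway REST proxy event shape assumed). fetchImpl is
// injectable so the handler can be exercised without network access.
async function handler(event, fetchImpl = fetch) {
  const plan = planRequest(event, process.env);
  if (plan.reject) return reply(plan.reject, { error: plan.reason });
  const upstream = await fetchImpl(plan.url, { headers: plan.headers });
  // Generic error only: upstream bodies and headers are never echoed back.
  if (!upstream.ok) return reply(502, { error: "upstream error" });
  const data = await upstream.json();
  const records = (data.records || []).map(r => ({ id: r.id, fields: r.fields }));
  return reply(200, { records });
}

if (typeof module !== "undefined") module.exports = { handler, planRequest };
```

The Origin check and CORS header only constrain browsers; any other HTTP client can still call the function, so the GET-only rule, the table allowlist and a token limited to read access are what bound the exposure.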