[BUG] YouTube API key exposed in public repository

[Petsamuel]

Important !!!

I am writing to inform you that your YouTube API key is exposed in your public repository.

This is a security risk, as anyone who has access to the repository could also access your YouTube account.
I recommend that you immediately remove the API key from the repository and reset it.

Thank you for your time and attention to this matter.

[meananddraj]

Hi @Petsamuel, is there any other way to fetch youtube videos on runtime without exposing the youtube API key?

[Petsamuel]

For development - Yes, by creating using a dotenv on your local machine.

For production you can just upload it to vercel environment in the settings

[meananddraj]

yeah we can use .env file but we will need to use the NEXT_PUBLIC_ prefix for the Youtube API key environment variable so that it can be used in the browser.. other wise the API key cannot be used to fetch issues. And if the API key is exposing in browser then it means it is not secret anymore...

Do you any other approach so that we can fetch issues using the API key in the browser and at the same time it cannot be exposed. Your suggestion will be highly appreciated.

[Petsamuel]

There are different methods .... Here is a way for production ..!