DEV Community


Discussion on: How To Integrate A Rich Text Editor (WYSIWYG) In Your React.Js Project.

yezyilomo profile image
Yezy Ilomo

Good work. Just a reminder don't store your API key in your React App, save it in environment file like .env.local or .env.production as
and retrieve it by using process.env.REACT_APP_TINYMCE_API_KEY in your react App.

danielkun profile image
Daniel Albuschat

Good advice, but please don't believe that they are secured when you store them in env vars. They're still part of the JavaScript code delivered to the browser, and hence can be viewed by anybody, e.g. via DevTools.

emmaccen profile image
Lucius Emmanuel Emmaccen Author

Wow ! Real helpful feedback. I'll be sure to do that. Thanks for this 🙏🏽💯

grantwatsondev profile image
Grant Watson

This is something I need to remember to do. I have to refactor my repos on GitHub to remove them

prateekparmar0 profile image

Does it apply for next.js applications as well?I'm using it in a next js project.

emmaccen profile image
Lucius Emmanuel Emmaccen Author

Not so sure, currently the supported integrations are for Angular.js, Angular4+, Bootstrap, jQuery, Rails, Swing, WordPress, Vue, and React.js,

but you can keep an eye out:

anuraghazra profile image
Anurag Hazra

I think as long as those API keys are public keys those are fine.

Also note that you cannot hide API keys on FrontEnd because they will be included anyways in the production build

Just don't store any SECRET_KEYs in frontend

Forem Open with the Forem app