Gatsby Netlify and secret keys in gatsby-config.js

Interfacing forms through an API like the Mautic API requires a public and secret key. Plugins that I’ve looked at like this one:
require the secret key to be in the gatsby-config.json file. This file is checked into the remote repo like gitlab to enable Netlify’s automatic deployment. What is it that I don’t understand about how this can possibly be secure? I could avoid checking it in but then I believe I would not be able to deploy to Netlify automatically through gitlab. I believe there has to be something I don’t understand but I don’t know what it is. Can someone provide some help here and direct me to material for reading and studying and/or tutorials?

hi there, maybe one of the posts below contains information that is pertinent for you:

If you still don’t have a starting point after working through those posts, post again here and we will try and find additional resources for you :slight_smile:

This seems perfect. I’ll do a deep dive when I get some time.
Thank you @perry

1 Like