Node.js w/ Express - Storing API Keys

Hey fellow campers!

I got tired of having my API Keys out in the open with the FCC projects. So, I started a side project to create a boiler plate node.js w/ express backend to store my API Keys. You can use it as you like and host it on any webhost of your choice. Let me know if you have any questions!


Whoa, I had similar thoughts just a few days ago and was going to do something similar on Glitch once I’m done with the current project. :smile:

I think it would be fantastic if you could create a boilerplate on Glitch so that it can be easily remixed. Most people who would use this are probably beginners and wouldn’t just have a Node server running somewhere, using Glitch also fits with the new curriculum, too. :slight_smile:

Hey, that sounds like a great idea. I haven’t used glitch, so I am unfamiliar with it. But I will definitely take a look at it and port it over if I can :slight_smile:

I see! I’m more than happy to help if you run into any trouble (not least because I want to hide API keys, too!)—you’ll probably be fine though because the default template is a Node/Express template. :slight_smile:

In addition, it’s worth noting that you can import from a GitHub repository with Glitch. The one limitation is that Glitch only uses Port 3000 and other ports don’t work at all (as far as I know).

Good luck!

Hey @honmanyau !

I got around creating a Glitch port and everything seems to be working fine. Check it out and use it to your heart’s content!

1 Like

Is this a boilerplate or a tutorial on how to use .env files?

A little bit of both. You can use it as a boilerplate and add APIs as you complete the FCC projects. It also shows you how to use the .env files to hide your API keys.

I wrote this tutorial on the topic as well:

1 Like

So it’s basically just a barebones ExpressJS project?

FYI: if you’re using something like Heroku you will need to make other adjustment through their dashboard.

Where are you hosting your apps?


For any webhost, they will require you to take additional steps, but a lot of that are covered in their documentation.

I personally pay for webhosting ($10 a month) on webfaction. For example, the require additional steps on running your node application via an SSH client. I also use the forever.js module to have my node application running 24/7 when the webfaction server resets.

Can you say t his in non-tech speak? I have a host that I use for a WP site, it is Site Ground with Cpanel…are more hosts allowing node applications to run?

What does the SSH client mean? and how does a javascript module allow your site to operate without the server also running?



A host, any host in general, are just servers. In reality, we can run servers and host our website (may it be wordpress, a simple website, etc.) with a computer. Now to have this host up 24/7, you will need that computer up and running at all times. This comes with maintenance and other important configurations we have to worry about. So we use web-hosting to cut out that management process.

Node.js is a server framework and it allows us to use javascript to run our code on that server to do things that help run our website and/or other server related things.

In my example of WebFaction, they give us the option to install node.js in our web applications. I am unsure on how SiteGround operates, but generally you can install node on any server as long as the web host allows it.

SSH client is just an application that allows us to connect to servers securely using the secure shell protocol. More on SSH here: This will allow me to run commands/scripts on the server through a terminal and provides me with flexibility on configuring my node.js webapplication.

These are just very simple explanations and I am in no way an expert. If anyone would like to chime in and add, it would be most appreciated :slight_smile:

1 Like

Many apologies for the delayed response, @deuscode!

I remixed your Glitch boilerplate and made small adjustments with the code to work with Dark Sky’s weather API—I’m happy to report that it’s working beautifully (I tested it on CodePen as well). Would definitely recommend it to anyone wanting to hide API keys! :slight_smile:



Awesome! I’m glad it’s working and helping in your projects!