Your AsterDX API keys are valuable and must be protected. Follow these steps:
- config/config.user.json is automatically ignored by git
- Template file provided for easy setup
- Docker containers use secure non-root users
- Environment variables supported for additional security
- Copy the template:

  ```bash
  cp config/config.user.json.template config/config.user.json
  ```

- Add your real API keys:

  ```json
  {
    "api": {
      "apiKey": "your_actual_api_key_here",
      "secretKey": "your_actual_secret_key_here"
    }
  }
  ```

- Verify git ignores it:

  ```bash
  git status  # config.user.json should NOT appear in changes
  ```

If you accidentally committed API keys:
- Immediately revoke keys on AsterDX
- Generate new API keys
- Remove from git history:

  ```bash
  git filter-branch --force --index-filter \
    'git rm --cached --ignore-unmatch config/config.user.json' \
    --prune-empty --tag-name-filter cat -- --all
  ```

- Force push (DANGEROUS - coordinate with team):

  ```bash
  git push origin --force --all
  ```

- Never share config files containing real API keys
- Use environment variables in production deployments
- Rotate API keys regularly
- Use separate keys for development and production
- Enable IP restrictions on AsterDX if possible
- Monitor API usage for unauthorized access
- Containers run as non-root user
- Use Docker secrets for production:

  ```yaml
  secrets:
    asterdx_api_key:
      external: true
    asterdx_secret_key:
      external: true
  ```

For additional security, use environment variables:

```bash
export ASTERDX_API_KEY="your_api_key"
export ASTERDX_SECRET_KEY="your_secret_key"
```

Update your config to read from env vars:

```json
{
  "api": {
    "apiKey": "${ASTERDX_API_KEY}",
    "secretKey": "${ASTERDX_SECRET_KEY}"
  }
}
```

If you suspect your keys have been compromised:
- Immediately revoke the keys on AsterDX
- Generate new keys
- Review account activity
- Contact AsterDX support if needed
Remember: Security is your responsibility. Treat API keys like passwords!
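
A fail-closed way to resolve the `${ASTERDX_API_KEY}` and `${ASTERDX_SECRET_KEY}` placeholders from the environment-variable config above, as an added example rather than the project's own loader. The names `load_api_config`, `resolve` and `ConfigError` are hypothetical, and the sample config is constructed.

```python
import json
import os
import re

# Matches ${VAR_NAME} placeholders as used in the env-var config on this page.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
# Template values from this page that must never be accepted as real secrets.
TEMPLATE_VALUES = {"your_actual_api_key_here", "your_actual_secret_key_here",
                   "your_api_key", "your_secret_key"}
# Constructed sample input, same shape as the config shown on this page.
SAMPLE = '{"api": {"apiKey": "${ASTERDX_API_KEY}", "secretKey": "${ASTERDX_SECRET_KEY}"}}'


class ConfigError(ValueError):
    """Raised when a secret cannot be resolved safely."""


def resolve(node, env):
    """Recursively replace ${VAR} in every string of a parsed JSON tree."""
    if isinstance(node, dict):
        return {k: resolve(v, env) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(v, env) for v in node]
    if not isinstance(node, str):
        return node

    def substitute(match):
        name = match.group(1)
        value = env.get(name, "")
        if not value:
            # Fail closed: never pass an empty or literal "${...}" key onward.
            raise ConfigError(f"environment variable {name} is not set")
        return value

    return PLACEHOLDER.sub(substitute, node)


def load_api_config(text, env=None):
    """Parse config JSON, resolve placeholders, reject template secrets."""
    env = os.environ if env is None else env
    config = resolve(json.loads(text), env)
    api = config.get("api", {})
    for field in ("apiKey", "secretKey"):
        value = api.get(field)
        if not isinstance(value, str) or not value or value in TEMPLATE_VALUES:
            raise ConfigError(f"api.{field} is missing or still a template value")
    return config
```

The error messages name the variable or field that failed, never the secret value itself, so they are safe to write to logs.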