Secure API Keys in a Chrome Extension

Looking into securing API Keys, first impressions of Supabase & how to handle extension Payments with Stripe & Lambda

Hey!

One question I often get particularly when using Firebase inside a Chrome Extension is how can I hide my API Keys?

Now, Firebase has security rules to help make this whole process smoother but in general this is a great question and one without a simple answer.

There are a few things you can do to try and make your code more secure, but it is almost impossible to ensure no one can view your API keys within your extension source code.

In my latest video I show a couple of methods you can use including a Lambda function, but ultimately the best method is to use your own secure server, to make authenticated calls without the need to share any API keys outside of that.

Away from API keys, I have also recently been looking into Supabase as a possible Firebase alternative. You can find my first impressions on the service in the video below, it’s a new service but definitely one to keep an eye on!

One more thing! If you have ever wanted to collect payments from within a Chrome Extension using Stripe I made a video recently showing how you can do this, also using Lambda as our backend.

As always if you have any questions just leave a comment or reply to this email as I’m always happy to help!

Best,

Rusty