Clasp - Use environment variable secrets in Typescript for Google Apps Script development
One approach to keeping secrets out of version control in Google Apps Script is to use the PropertiesService:
Store the secret(s) using a function like this
function storeSecrets() {
PropertiesService.getScriptProperties().setProperties({
'secret1': 'mySuperSecretPassword',
'secret2': 'mySecretApiKey',
// etc...
})
}
You'll have to clasp push
this and run it just once from the editor (or clasp run storeSecrets
), then delete the function, all without committing to version control.
Once that's done you can access the stored secrets from your code with, e.g.
let apiKey = PropertiesService.getScriptProperties().getProperty('secret2')
Note that the secrets will still be accessible to anyone with edit access to your project; this workflow just keeps them from getting committed to version control.