Why? Avoid ( ) committing ( ) your , or other ( ) to by storing them as environment variables. See the example like this accidentally exposing private keys passwords sensitive details by hard-coding in them in your script GitHub There is a story of a person who pushed aws keys to github: pushing API keys to GitHub can be an : Accidentally Expensive/Stressful Lesson https://www.quora.com/My-AWS-account-was-hacked-and-I-have-a-50-000-bill-how-can-I-reduce-the-amount-I-need-to-pay What is Environment Variable? An environment variable is a pair that is stored on the local system where your code/app is being run and is accessible from within your code. KEY=value How? Follow these steps: List all the Environment Variables Default $ printenv 2. For storing our secret data like tokens, API keys, passwords create a file named app-env export API_KEY="ABDJFdfrpf956irjglkfmgi5kgf"export TOKEN="213j29rhdfn94htrfuh94" 3. Source this file into local environment using source command $ source app-env 4. Now we can use these environment variable in our program as for example in : NodeJS Node.js gives you access to the variables defined in your environment in the global object. process.env So we can use process.env object to access our keys var api_key = process.env.API_KEY; 5. and last thing add app-env to .gitignore so this file is ignored to .git app-env This way we can use our keys and tokens in our local environment and be safe from getting these sensitive data exposed to others on Github.