Implement security best practices for Gamma integration.
Use when securing API keys, implementing access controls,
or auditing Gamma security configuration.
Trigger with phrases like "gamma security", "gamma API key security",
"gamma secure", "gamma credentials", "gamma access control".
Security best practices for Gamma API integration to protect credentials and data.
Prerequisites
Active Gamma integration
Environment variable support
Understanding of secret management
Instructions
Step 1: Secure API Key Storage
// NEVER do this
const gamma = new GammaClient({
apiKey: 'gamma_live_abc123...', // Hardcoded - BAD!
});
// DO this instead
const gamma = new GammaClient({
apiKey: process.env.GAMMA_API_KEY,
});
Environment Setup:
# .env (add to .gitignore!)
GAMMA_API_KEY=gamma_live_abc123...
# Load in application
import 'dotenv/config';
Step 2: Key Rotation Strategy
// Support multiple keys for rotation
const gamma = new GammaClient({
apiKey: process.env.GAMMA_API_KEY_PRIMARY
|| process.env.GAMMA_API_KEY_SECONDARY,
});
// Rotation script
async function rotateApiKey() {
// 1. Generate new key in Gamma dashboard
// 2. Update GAMMA_API_KEY_SECONDARY
// 3. Deploy and verify
// 4. Swap PRIMARY and SECONDARY
// 5. Revoke old key
}