I've been chatting with folks on the Discord server about accessing REST services from your Mini Micro code (using the http
class).
There are a lot of really cool REST services out there, but many of them require some access credentials — typically an application code and a secret key, i.e. a long string of gibberish that's basically your password for the service. You don't want bad guys to get ahold of these credentials, because they could then use the service same as you do (accessing your data, racking up charges on your account, or whatever).
Trouble is, if you post your Mini Micro game somewhere, usually the player can just hit Control-C and inspect the code. You can disable Control-C using bootOpts.grfon, but if you forget to do this, or throw a runtime error, or if (for example) you want to post your code on GitHub, then you'll still have trouble.
I suppose you could store your credentials in a file and read them in at runtime, and set up your git or svn options to ignore that file (so it doesn't appear in the archive). Or you could store your credentials in bootOpts.grfon and read them out of env.bootOpts
. Neither of these will help if you let people Control-C break out of your game, or a runtime error breaks it for them, though.
So I'm pondering what should be the "best practice" for storing these kind of secrets, and whether we need to add some new feature to Mini Micro to deal with them. Any thoughts?