Ensuring the secure storage of your DeepL API key in Google Sheets involves several steps and considerations. Here's a detailed guide on how to do it securely:
1. Avoid Hardcoding the API Key
Never hardcode your API key directly into your Google Apps Script, because anyone with access to the script can view the key.
2. Use Properties Service
Google Apps Script provides a Properties Service for storing values such as API keys outside the script source. A key stored this way does not appear in the code itself, although script properties remain readable by anyone who can edit the script project. To use it, store your API key as follows:
```javascript
// Run once to save the key, then remove the literal so it does not stay in the source.
function setApiKey() {
  var scriptProperties = PropertiesService.getScriptProperties();
  scriptProperties.setProperty('DEEPL_API_KEY', 'YOUR_API_KEY_HERE');
}
```
Then, you can retrieve the key when needed:
```javascript
// Returns the stored key, or null if it has not been set.
function getApiKey() {
  var scriptProperties = PropertiesService.getScriptProperties();
  return scriptProperties.getProperty('DEEPL_API_KEY');
}
```
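As an added example (not code from the original page, DeepL or Google), the functions below avoid the hardcoded literal in `setApiKey` by prompting for the key, store it in user properties (private to each user), fail closed when it is missing, and mask it in error messages. The function names, the 16-character minimum and the injectable `ui`/`props`/`fetcher` parameters are assumptions for illustration; `DEEPL_API_KEY` is the property name used above.

```javascript
// Added example, not DeepL's or Google's code. DEEPL_API_KEY is the property
// name used on this page; the function names are assumptions for illustration.
const KEY_NAME = 'DEEPL_API_KEY';

// Ask for the key in a dialog so the literal never sits in the script source
// or its version history. ui/props default to the Apps Script services.
function promptAndStoreKey(ui = SpreadsheetApp.getUi(),
                           props = PropertiesService.getUserProperties()) {
  const res = ui.prompt('DeepL API key', 'Paste your key:', ui.ButtonSet.OK_CANCEL);
  if (res.getSelectedButton() !== ui.Button.OK) return false;
  const key = res.getResponseText().trim();
  // Assumed sanity check: refuse empty, short or whitespace-containing input.
  if (key.length < 16 || /\s/.test(key)) throw new Error('Malformed key; nothing stored.');
  props.setProperty(KEY_NAME, key);
  return true;
}

// Fail closed: throw instead of sending a request with a missing key.
function requireApiKey(props = PropertiesService.getUserProperties()) {
  const key = props.getProperty(KEY_NAME);
  if (!key) throw new Error('No DeepL key stored; run promptAndStoreKey first.');
  return key;
}

// For logs and error messages: reveal only the last four characters.
function maskKey(key) {
  return '*'.repeat(Math.max(key.length - 4, 0)) + key.slice(-4);
}

// Call DeepL with the stored key. Errors carry the status and a masked key only.
function translate(text, targetLang, props = PropertiesService.getUserProperties(),
                   fetcher = (url, opts) => UrlFetchApp.fetch(url, opts)) {
  const key = requireApiKey(props);
  // Free-plan keys end in ":fx" and use the api-free host.
  const host = key.endsWith(':fx') ? 'api-free.deepl.com' : 'api.deepl.com';
  const resp = fetcher('https://' + host + '/v2/translate', {
    method: 'post',
    contentType: 'application/json',
    headers: { Authorization: 'DeepL-Auth-Key ' + key },
    payload: JSON.stringify({ text: [text], target_lang: targetLang }),
    muteHttpExceptions: true, // handle non-200 here instead of a thrown dump
  });
  if (resp.getResponseCode() !== 200) {
    throw new Error('DeepL returned ' + resp.getResponseCode() + ' for key ' + maskKey(key));
  }
  return JSON.parse(resp.getContentText()).translations[0].text;
}
```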
3. Use a Library or Separate Script
Consider creating a separate script or library that handles API calls and stores the API key. This way, even if someone accesses your main script, they won't see the API key directly. You can include this library in your main script and call functions that use the API key without exposing it.
4. DeepL API Key in Add-ons
If you're using an add-on like SheetsL for DeepL translations, the API key is typically stored in the add-on's user properties, which are secure and not shared with others [3].
5. Additional Security Measures
- Access Control: Ensure that only authorized users have access to your Google Sheets and scripts.
- Two-Factor Authentication (2FA): Enable 2FA for your Google account to prevent unauthorized access.
- Monitoring: Regularly monitor your API usage to detect any unauthorized access.
6. API Key Management Best Practices
Follow general best practices for managing API keys:
- Restrict API Key Usage: Limit your API key to only be used with specific services or domains.
- Rotate API Keys: Periodically update your API keys to minimize exposure if a key is compromised.
- Delete Unused Keys: Remove any unused API keys to reduce potential vulnerabilities[9].
By following these steps, you can securely store and manage your DeepL API key within Google Sheets.
Citations:
[1] https://www.reddit.com/r/GoogleAppsScript/comments/m730z4/how_to_reasonably_secure_an_api_key/
[2] https://www.dokin.co/blog-posts/how-to-protect-your-google-sheets-data-from-edits
[3] https://www.scriptable-assets.page/add-ons/sheetsl/
[4] https://www.vmix.com/help26/GoogleAPIKey.html
[5] https://coefficient.io/blog-how-to-password-protect-google-sheets
[6] https://github.com/DeepLcom/google-sheets-example
[7] https://stackoverflow.com/questions/67058774/how-to-add-api-key-to-the-google-spreadsheet
[8] https://teampassword.com/blog/the-risks-of-storing-your-passwords-in-google-sheets
[9] https://cloud.google.com/docs/authentication/api-keys-best-practices
[10] https://ask.metafilter.com/380991/How-Do-I-Secure-Sensitive-Financial-Data-Currently-in-a-Google-Sheet