BraveServiceKey is not a secret, can I hard-code a default value in open source Brave repos? Or, if
BraveServiceKey is a secret, how should contributors to Brave projects handle it?
*.brave.com domains require that requests include a valid
braveservicekey header. Unsurprisingly, some of those domains are used by code (e.g., tests) in various open-source Brave repos. At the same time, there’s no default value or instructions that I could find for how contributors should manage this key.
At least one repo treats
BRAVE_SERVICE_KEY as a “secret,” which puts me in a weird spot for a couple of reasons. First, because it’s… not a secret? A valid value for the key is shown in the original GitHub issue, and I know it’s valid because my Brave browser sends the same key. Second, as a would-be contributor, one interpretation of it being a “secret” is that I shouldn’t be hitting those endpoints, which is awkward considering that my browser hits those endpoints already.
A “friend” asked a similar question on Reddit and didn’t get an answer, so I figured I’d try this site instead.