Where to save application keys for use in GraphQL resolvers in FastStore v2

hey everyone, has anyone created GraphQL resolvers in Faststore v2 following this documentation? https://www.faststore.dev/docs/api-extensions/extending-api-schema#extending-faststore-api-with-third-party-api-schemas

I managed to create a resolver to retrieve seller information through the /api/seller-register/pvt/sellers endpoint, where I use the X-VTEX-API-AppKey and X-VTEX-API-AppToken headers with their respective application key values.

my question is: where should I store these key values??

I understand that hardcoding them directly in the code isn’t an issue from the client’s perspective since the resolver runs server-side and the repository created in Faststore Onboarding is private — but it’s still not a good practice. I thought about using a local .env file and GitHub variables, but I couldn’t find a way to read those variables.

resolver code, with the account, key, and token values omitted:

export type GetSellerParams = {
  id: string;
};

export type GetSellerQueryResult = {
  getSeller: {
    id: string;
    name: string;
    logo: string;
    description: string;
  };
};

const sellerResolver = {
  Query: {
    getSeller: async (_: unknown, { id }: GetSellerParams) => {
      const url = `https://{account}.vtexcommercestable.com.br/api/seller-register/pvt/sellers/${id}?sc=1`;
      const response = await fetch(url, {
        method: "GET",
        headers: {
          Accept: "application/json",
          "Content-Type": "application/json",
          "X-VTEX-API-AppKey": "{appKey}",
          "X-VTEX-API-AppToken": "{appToken}",
        },
      });

      const data: GetSellerQueryResult["getSeller"] = await response.json();

      return data;
    },
  },
};

export default sellerResolver;

what version are you using ?

"@faststore/core": "^3.0.22"

Hi, Tiago! How’s it going?

The correct way to save the keys and tokens for your Faststore project is through vtex secrets setup.

We have documentation that explains how to go through this process: Setting up your VTEX account to save Secrets | FastStore

After completing this procedure, the tokens saved through this tool will be encrypted for reference inside the secrets.hidden.json file, but they’ll be accessible via process.env.<VARIABLE_NAME>, which can be declared throughout the project so that the decrypted value of the variables is accessed by the code without being exposed in the repository.

If you have any questions about this, just let me know!