Is the method of store masterkey safe

[kulame]

We write the master key in the JS page. If the master key is stolen by hackers, will the whole search engine be attacked?

[brunoocasali]

Hi, @kulame I'll let @bidoubiwa answer you in more detail if needed, I'm just stepping in because she is on holiday.

⚠️ ⚠️ PLEASE, DO NOT PUT YOUR MASTER KEY IN YOUR FRONT END!! ⚠️ ⚠️

Yes, if your master key was "stolen" by anyone the search engine will be accessible by the person with the key. We don't recommend using the master key for searching in the front-end, you could generate a new key that fulfills this purpose and does not expose your meilisearch instance.

You could read more here:
https://docs.meilisearch.com/learn/security/master_api_keys.html#protecting-a-meilisearch-instance

[bidoubiwa]

Hey @kulame, to emphasis @brunoocasali: you should never use the master key in your front end. User can add documents, delete indexes, etc..

Was there a specific place in the documentation that used the maskerKey in the code example? Do you think we should emphasis more on which key to use?

Thanks a lot for you feedback :)

[bidoubiwa]

I'm closing the issue due to inactivity. Feel free to answer if you'd like to