I would like to restrict the term "Public keys" to refer to asymmetric encryption keys which can be made public without compromising security.
The only purpose of the keys Maps/Stripe encourage you to publicly put into your website is to guarantee it is talking to _your_ Google/Stripe account not someone else's. Obviously once you put them in your client they are of zero value in helping Google/Stripe identify you. The fact that Google allows you to use the same type of key they also use elsewhere to identify _you_ not _them_ was always incredibly bad design. Google already have the 'Project ID' which would have been the best thing to use.
It's been a while since I've used stripe but don't their keys start with sk_ for secret and pk_ for public?
I like that. Easy to tell if you should keep the key a secret or not.
They do, yeah.
(Although `pk` always freaks me out. Public or private?! Oh, right, the other one's "secret".)
Or is `sk` shared key and `pk` private key...
Honestly we should just always call them public and secret key to avoid confusion
I would like to restrict the term "Public keys" to refer to asymmetric encryption keys which can be made public without compromising security.
The only purpose of the keys Maps/Stripe encourage you to publicly put into your website is to guarantee it is talking to _your_ Google/Stripe account not someone else's. Obviously once you put them in your client they are of zero value in helping Google/Stripe identify you. The fact that Google allows you to use the same type of key they also use elsewhere to identify _you_ not _them_ was always incredibly bad design. Google already have the 'Project ID' which would have been the best thing to use.