I want to make a private GitHub repo public, but the project includes OAuth data (used in Twitter auth) and database MySQL login details. Is there a common practice to easily hide the values or shall I just change them when committing to the repo? I guess that's the reason I'm asking as I'm likely to forget.
The only way to hide it is to proxy your request through your own server. Netlify Functions are a free way to add some simple backend code to a frontend app. This is the method I used while learning to program in college, where I needed to share my progress with my peer group without disclosing my API keys.
Because Git is distributed, other developers may preserve your secret in their own local copies of the repo. Of course, there's also the risk that your source code is leaked: in many cases this is a bad thing on its own, and it only gets worse if your repository contains any password or secret.
You could use GitHub secrets to store your Azure Credentials, Publish profile of your Web app, container registry credentials or any such sensitive details which are required to automate your CI/CD workflows using GitHub Actions.
GitHub ties repository secrets to only one repository. They're available to anyone with the collaborator role to use in actions.
If you can rewrite the history of your private repo (because of the limited number of collaborators), it would be best to:
The idea is, on checkout, to generate the actual files based on:
The more general idea is that sensitive data shouldn't be stored at all in a Git repo.
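One way to do the generation step described above, as an added example (not code from any of the answers): a committed template holds placeholders, and the real values come from environment variables when the working copy is set up. The `@@NAME@@` placeholder syntax, the variable names and the `config.ini` file name are assumptions made for this example.

```python
import os
import re

# Placeholder syntax @@NAME@@ is an assumption made for this example.
PLACEHOLDER = re.compile(r"@@([A-Z][A-Z0-9_]*)@@")

class MissingSecret(ValueError):
    """Raised when a placeholder has no (or an empty) value."""

def render(template: str, values: dict) -> str:
    """Replace every @@NAME@@ with values[NAME]; refuse if any is missing or empty."""
    missing = sorted({n for n in PLACEHOLDER.findall(template) if not values.get(n)})
    if missing:
        raise MissingSecret(", ".join(missing))
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)

def write_private(path: str, content: str) -> None:
    """Write the generated (git-ignored) file readable by its owner only."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, 0o600)  # also tighten a file that already existed

def leaked_values(tracked_text: str, values: dict) -> list:
    """Names of secrets whose real value appears in text about to be committed."""
    return sorted(n for n, v in values.items() if v and v in tracked_text)

# Constructed sample: this template is what gets committed; the values never are.
SAMPLE_TEMPLATE = """\
[twitter]
consumer_key = @@TWITTER_CONSUMER_KEY@@
consumer_secret = @@TWITTER_CONSUMER_SECRET@@
[mysql]
user = @@MYSQL_USER@@
password = @@MYSQL_PASSWORD@@
"""

if __name__ == "__main__":
    # Values come from the environment of whoever checks the project out.
    secrets = {n: os.environ.get(n, "") for n in PLACEHOLDER.findall(SAMPLE_TEMPLATE)}
    try:
        write_private("config.ini", render(SAMPLE_TEMPLATE, secrets))
    except MissingSecret as exc:
        raise SystemExit(f"not generating config.ini, unset: {exc}")
```

Only the template is tracked; the generated file belongs in `.gitignore`, and `leaked_values` can be run over staged content before a commit to catch a real value that slipped into a tracked file.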