I did ask a few devs how they ensure that keys and credentials files aren't pushed. They did give me a few answers, but I didn't find anything consistent. Let's say there is a creds.json file in the /config folder. What are the efficient ways to NOT push these credentials to GitHub?
A few of the answers I found online:
Blogs I read:
https://www.agwa.name/projects/git-crypt/
https://blog.roundingpegs.com/how-i-avoid-committing-passwords-to-github/
Is there any tool or a more efficient way such that I don't commit my keys accidentally to GitHub, or that warns me before I commit?
I would like you to give a summary of all the possible ways in which you can prevent keys from going to GitHub. Examples to support your summary would be great.
The only way to hide it is to proxy your request through your own server. Netlify Functions are a free way to add some simple backend code to a frontend app. This is the method I used while learning to program in college, where I needed to share my progress with my peer group without disclosing my API keys.
I prefer storing them separately on the host machine or in a different folder and using them via an environment variable. That way you cannot commit them accidentally.
Additionally, you can use them in a CI build. If you also need credentials in a CI build, most systems provide encrypted variables, which are stored encrypted on the build server and can be used as environment variables.
That way I can also use different credentials for each local user or CI without changes to my code.
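The environment-variable approach from the answer above, as an added example that is not part of the original answer: the application reads the path to creds.json from an environment variable and refuses to load the file if it sits inside a git working tree or is readable by other users. The variable name `APP_CREDS_FILE` and all function names are assumptions made for this sketch, and the sample files are constructed.

```python
import json
import os
import tempfile
from pathlib import Path

CREDS_ENV_VAR = "APP_CREDS_FILE"  # hypothetical variable name (assumption)

def enclosing_git_repo(path: Path):
    """Return the root of the git working tree containing path, or None."""
    for parent in path.resolve().parents:
        if (parent / ".git").exists():  # a directory, or a file in worktrees
            return parent
    return None

def location_problem(path: Path):
    """Return why path is an unsafe place for credentials, or None if fine."""
    if not path.is_file():
        return "missing"
    if enclosing_git_repo(path) is not None:
        return "inside a git working tree"  # `git add .` could stage it
    if os.name == "posix" and path.stat().st_mode & 0o077:
        return "readable by group or others"
    return None

def load_credentials(environ=os.environ) -> dict:
    """Load JSON credentials from the file named by CREDS_ENV_VAR."""
    raw = environ.get(CREDS_ENV_VAR)
    if not raw:
        raise RuntimeError(f"{CREDS_ENV_VAR} is not set")
    path = Path(raw).expanduser()
    problem = location_problem(path)
    if problem:
        raise RuntimeError(f"refusing {path}: {problem}")
    return json.loads(path.read_text())

def demo() -> dict:
    """Constructed sample: one creds.json outside a repo, one inside config/."""
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp, "secrets", "creds.json")
        inside = Path(tmp, "project", "config", "creds.json")
        Path(tmp, "project", ".git").mkdir(parents=True)
        for p in (outside, inside):
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text('{"api_key": "constructed-sample-value"}')
            p.chmod(0o600)
        return {"outside": location_problem(outside),
                "inside": location_problem(inside),
                "loaded": load_credentials({CREDS_ENV_VAR: str(outside)})}
```

In CI, the same variable can point at a file materialised from the build system's encrypted variables, so the code path stays identical for local users and the build server.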