I'm considering open sourcing the code for a live website of mine on GitHub. Up to this point, I've been storing the code in a private repo and my only concern is that there are a few configuration files related to my production environment (DB passwords, API keys, etc.) that I don't want to be publicly visible.
What is the typical approach for open sourcing such projects without exposing private data? Do you just maintain two repos, a public one and an identical private one with the added private data, occasionally merging between the two?
In the case of Git, I'd recommend you add rules to your .gitignore to ignore files that contain sensitive info (.hgignore for Mercurial). Try to keep the sensitive info in one place as much as possible (e.g. a settings file). If you worked with a web framework, this info is usually in one file (for example, in Django, there's a settings.py file with DB info, secret key, etc.) If you have sensitive info ingrained in various parts of your application, factor that info out into some kind of configuration file or object.
If you want people to still know where the data is coming from, include an example or dummy file with fake data with a notation somewhere (either in the file or in the README) that the file will have to be changed. You could then name the file, for example, settings.py.example and ignore the real settings.py.
Keeping multiple repos is a bad idea. Just leave out sensitive data and make sure you make it obvious that it is missing and what is missing, so that people can still reuse your work.
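A pre-publication check for the approach in the answer above, as an added example that is not part of the original post: it confirms that settings.py is ignored and that settings.py.example documents every setting without carrying a real secret. The `.gitignore` matcher is deliberately simplified, and `SECRET_HINTS`, the function names and the sample values are assumptions made for illustration.

```python
import ast
import fnmatch
import tempfile
from contextlib import suppress
from pathlib import Path

SECRET_HINTS = ("PASSWORD", "SECRET", "KEY", "TOKEN")  # assumed naming convention

def load_settings(path):
    """Flatten literal top-level assignments; nested dicts become dotted names."""
    flat = {}
    def walk(name, value):
        if isinstance(value, dict):
            for key, inner in value.items():
                walk(f"{name}.{key}", inner)
        else:
            flat[name] = value
    source = Path(path).read_text() if Path(path).exists() else ""
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Name):
            with suppress(ValueError, TypeError):  # computed value, no literal to compare
                walk(node.targets[0].id, ast.literal_eval(node.value))
    return flat

def is_ignored(repo, filename):
    """Simplified .gitignore match: root-level glob patterns, no negation or directory rules."""
    path = Path(repo, ".gitignore")
    lines = path.read_text().splitlines() if path.exists() else []
    patterns = [l.strip().lstrip("/") for l in lines if l.strip() and not l.startswith("#")]
    return any(fnmatch.fnmatch(filename, p) for p in patterns)

def audit(repo, real="settings.py", example="settings.py.example"):
    """Return the problems to fix before the repository is made public."""
    problems = [] if is_ignored(repo, real) else [f"{real} is not ignored by .gitignore"]
    real_vals, example_vals = load_settings(Path(repo, real)), load_settings(Path(repo, example))
    for name, value in real_vals.items():
        if name not in example_vals:
            problems.append(f"{name} is missing from {example}")
        elif any(h in name.upper() for h in SECRET_HINTS) and value and example_vals[name] == value:
            problems.append(f"{name} in {example} holds the real value")
    return problems

def demo():
    db = 'DATABASES = {"default": {"PASSWORD": "hunter2"}}\n'  # constructed sample value
    with tempfile.TemporaryDirectory() as repo:
        Path(repo, ".gitignore").write_text("*.pyc\nsettings.py\n")
        Path(repo, "settings.py").write_text('SECRET_KEY = "r3al-k3y"\nAPI_TOKEN = "tok-123"\n' + db)
        Path(repo, "settings.py.example").write_text('SECRET_KEY = "change-me"\n' + db)
        return audit(repo)
```

Ignoring the file only keeps it out of future commits: a settings.py that was already committed to the private repo remains in its history, so that history has to be cleaned and the exposed credentials rotated before the repo goes public.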