 

Push a file to Heroku that's not in my git repo.

Tags: git, python, heroku

Problem:

I have a passwords.py that I need to push to Heroku for my app to work, but I can't commit it to my public git repo because then anyone would be able to view my passwords.

The passwords are tokens / secret_key's / other_api_keys to allow my app to authenticate its requests to 3rd party APIs. I'm storing them in base64 encoding in the passwords.py, but if I push it to git encoded, anyone would easily be able to see the passwords with b64decode().

How can I push my passwords file to Heroku without including it in my public git repo?

or

How can I securely store my passwords in my public git repo?

What I've tried:

  • git push only one file to Heroku
  • Hiding a password in a python script (insecure obfuscation only)

Git pushing a single file doesn't seem to be an option, while using any similar method to encode/decode the passwords would only give me a false sense of security. Any ideas on how to solve it? Thanks!

asked Jul 24 '13 16:07

agconti


2 Answers

Use environment variables! You can access them from your Python scripts, and Heroku lets you easily set them for your app.

Here is some information about setting config vars in Heroku.

answered Sep 29 '22 23:09

Rob Wagner
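
The environment-variable approach from the answer above, as an added example that is not part of the original answer: a loader that takes the place of `passwords.py`, refuses to start when a value is missing, and masks values when they are printed. The variable names are hypothetical; on Heroku the values would be set as config vars with `heroku config:set NAME=value`, so they never enter the git repository.

```python
import os

# Hypothetical names standing in for the entries of the asker's passwords.py.
REQUIRED = ("SECRET_KEY", "THIRD_PARTY_API_TOKEN")


class MissingSecrets(RuntimeError):
    """Raised at startup when a required config var is unset or empty."""


class Secret(str):
    """A str whose repr is masked, so printing or logging a settings dict
    does not reveal the value. str(secret) still returns the real value."""

    def __repr__(self):
        return "Secret('***')"


def load_secrets(required=REQUIRED, environ=None):
    """Return {name: Secret} for every required name, or fail closed.

    All missing names are reported at once; values never appear in the error.
    """
    environ = os.environ if environ is None else environ
    found, missing = {}, []
    for name in required:
        value = environ.get(name, "").strip()
        if value:
            found[name] = Secret(value)
        else:
            missing.append(name)
    if missing:
        raise MissingSecrets("unset config vars: " + ", ".join(missing))
    return found


if __name__ == "__main__":
    # Constructed sample environment; on Heroku the real values come from
    # config vars, which the dyno exposes through os.environ.
    sample = {"SECRET_KEY": "constructed-value-1",
              "THIRD_PARTY_API_TOKEN": "constructed-value-2"}
    print(load_secrets(environ=sample))  # values are masked in the output
    try:
        load_secrets(environ={"SECRET_KEY": "constructed-value-1"})
    except MissingSecrets as exc:
        print("startup refused:", exc)
```

For local development the same names can be exported in the shell or kept in an untracked file listed in `.gitignore`.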


Create a second branch containing the file. Do not track it on your public repository.

Whenever you need to push to heroku, rebase that branch to master and then push that branch to Heroku.

answered Sep 29 '22 23:09

alternative