Timeline for Strategy for keeping secret info such as API keys out of source control?
Current License: CC BY-SA 3.0
31 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 24, 2018 at 3:02 | answer | added | MatthewMartin | timeline score: 1 | |
| Jan 6, 2016 at 13:45 | comment | added | Ripped Off | Here's a recent Scott Hanselman blog post on the subject hanselman.com/blog/… | |
| May 29, 2015 at 18:40 | answer | added | scottyab | timeline score: 15 | |
| Dec 9, 2013 at 20:25 | comment | added | User | I remembered the other question as I read yours. It has 5000 views. This could be correlated. Let us delete our unnescessairy chat-comments. | |
| Dec 9, 2013 at 15:35 | comment | added | User | Possible duplicate: stackoverflow.com/questions/11575398/… | |
| Dec 9, 2013 at 12:07 | history | protected | CommunityBot | ||
| Dec 9, 2013 at 5:16 | answer | added | Ben Hyde | timeline score: 15 | |
| Dec 8, 2013 at 21:24 | answer | added | Kostas | timeline score: 4 | |
| Aug 8, 2013 at 6:18 | audit | First posts | |||
| Aug 8, 2013 at 6:19 | |||||
| Aug 7, 2013 at 14:08 | vote | accept | Ripped Off | ||
| Aug 7, 2013 at 14:06 | comment | added | Ripped Off | @Marek: They aren't. Which worked out for me in the end, as I've found it's nearly impossible to accomplish this with my stack :/ | |
| Jul 27, 2013 at 11:16 | comment | added | Marek Grzenkowicz | Do you mean tfs.visualstudio.com by TFS in the cloud? These repositories aren't public, are they? | |
| Jul 27, 2013 at 4:40 | answer | added | Adrian Schneider | timeline score: 0 | |
| Jul 23, 2013 at 20:19 | answer | added | David Freitag | timeline score: -2 | |
| Jul 23, 2013 at 19:28 | answer | added | Reactgular | timeline score: 10 | |
| Jul 23, 2013 at 18:39 | answer | added | Filipe Giusti | timeline score: 5 | |
| Jul 23, 2013 at 10:15 | answer | added | erickson | timeline score: 2 | |
| Jul 22, 2013 at 16:59 | comment | added | Ripped Off | @DonalFellows: Configuration files tend to live in the same project as the source code, and get published to the web along side of the built assemblies. | |
| Jul 22, 2013 at 16:22 | comment | added | Donal Fellows | Why are you trying to compile the key into the code in in the first place? It's usual to put that sort of thing in a configuration file. | |
| Jul 22, 2013 at 14:00 | comment | added | Ripped Off | @Dainius: Yes. I look at every single character my team codes. Seriously. I have no choice. I can't code blindfolded. Not reliably, at least. But I do, because I am my team. I'm the I in TEAM. There's one developer, and it's me. I'm him. Yes. I'm the guy who is going to screw this up if he doesn't do it right. Me. | |
| Jul 22, 2013 at 13:41 | comment | added | Dainius | so then you are verifying every commit and looking for every code line and every character, what they write? Because else, you know, they can put their own API key and ignore any config value. | |
| Jul 22, 2013 at 13:19 | comment | added | Ripped Off | @Dainius I don't trust my developers because I know them. Intimately. In fact, I'm intimate with myself at least... no, I'll let that one lie. But I know how easy it is to screw up, and how hard it will be to scrub history of said screwup. | |
| Jul 22, 2013 at 11:40 | answer | added | Ioannis Tzikas | timeline score: 29 | |
| Jul 22, 2013 at 8:58 | comment | added | Dainius | main question would be, why you don't trust your developers? If you can't trues so simple stuff as twiter key, how can you allow them to commit any code, that works with users/databases etc? | |
| Jul 21, 2013 at 23:33 | history | tweeted | twitter.com/#!/StackProgrammer/status/359093861022314496 | ||
| Jul 21, 2013 at 21:34 | comment | added | Rob van der Veer | BitBucket.org has unlimited private repositories. Free. And gitHub repository importer (keeps history) | |
| Jul 21, 2013 at 21:29 | answer | added | Lazy Badger | timeline score: 27 | |
| Jul 21, 2013 at 20:53 | comment | added | Philipp | When you want private source control without paying for it: git works pretty well locally. Using an online service does have the benefit of also being a very good backup, but a backup solution for your personal files is something every user should have who does any serious work with their computer. | |
| Jul 21, 2013 at 20:43 | answer | added | Philipp | timeline score: 132 | |
| Jul 21, 2013 at 20:24 | comment | added | David Sergey | You can make sure, that configuration file that holds your API key is not in source controlled directory, which will make it impossible to check it in in first place. | |
| Jul 21, 2013 at 20:18 | history | asked | Ripped Off | CC BY-SA 3.0 |