Skip to main content
Software Engineering

Timeline for Strategy for keeping secret info such as API keys out of source control?

Current License: CC BY-SA 3.0

9 events
when toggle format what by license comment
Dec 9, 2013 at 23:31 comment added Steve Midgley @shabunc - good point on keeping config out of the SCM path. This is why, for example, Postgres allows you to bypass password checks by putting the password in a file. But they require that the password file be put in ~/.pgpass - which presumably is not a location that's very convenient to check into source control. They know, for automation, they have to give you a gun, but they work hard to keep you from shooting yourself in the foot with it..
Jul 27, 2013 at 0:24 history edited Lazy Badger CC BY-SA 3.0
formatting
Jul 24, 2013 at 5:14 comment added shabunc @LazyBadger - I know pretty well it is ignored. I also know that, being in repo, there's ALWAYS chance that somebody neverthless mistakingly will add it somehow to repo. Some external config path is way better.
Jul 24, 2013 at 4:03 comment added Lazy Badger @shabunc - RTFM! Ignored file not stored in repo
Jul 23, 2013 at 22:22 comment added shabunc No, no and once again - no! ignoring files is good for adding some very specific customization to build process or something, but it shoud never be used for storing any secure data. Don't store secure data in repo, even if you are ignoring it.
S Jul 22, 2013 at 14:24 history suggested Michael Mrozek CC BY-SA 3.0
Removed the totally unnecessary "mercurial is better than git" line
Jul 22, 2013 at 14:11 review Suggested edits
S Jul 22, 2013 at 14:24
Jul 22, 2013 at 13:15 comment added Ripped Off Hmmm... The git advice is good, and your agnostic advice gives me a good idea... I can use build events to introduce the file into the publishing process, then remove it after, thus helping to ensuring that it won't be accidentally added to source control..
Jul 21, 2013 at 21:29 history answered Lazy Badger CC BY-SA 3.0