Reputation: 21015
Keeping production configuration files hidden from developers
I got to the part of my system evolution that I got some files that contains credentials for sensitive data, I'm using git based deployment via heroku, and would like to keep doing that easy way.
How can I remove a few configuration lines from one branch, keep it on the other and make sure it stays there when merge occur?
What the best practive here?
Upvotes: 1
Views: 71
Answers (2)
Reputation: 20929
I you were a Microsoft.NET shop you could use config file includes:
<connectionStrings configSource="HerokuSpecificConfigFile.config" />
Your publish profile transformation than would replace development connection strings with the include line above. This would allow you to keep HerokuSpecificConfigFile.config in your deployment remote only.
Upvotes: 0
Reputation: 37507
Sensitive data should not be in source control - you should use Heroku config variables which will then be exposed as environment variables in your application. Read more on the Heroku site at https://devcenter.heroku.com/articles/config-vars
Upvotes: 3
Related Questions
- Keep git secret config files from being pushed
- Hide credentials in a public repo, which is being used to deploy live
- How do I push sensitive files to Heroku but not on Github?
- Is it okay to add sensitive config to heroku.yml files and committing to Heroku's GIT repo?
- Where to store sensitive files for heroku platform?
- Hiding Confidential Data From Git But pushing to Heroku
- Heroku PHP development - Best practice to deal with production config file
- Deployment to heroku with "private" config file
- keep config file on heroku but remove from public repo on github?
- managing production credentials in heroku