Reputation: 607
Keeping API Credentials out of GitHub Source Control
I am writing an open source program that relies on the twitter API. When I make a commit I would rather not redact the keys every time. An idea I had was to create a credentials file and add it to the .gitignore file. Is this a viable solution or is there a better way?
Upvotes: 0
Views: 41
Answers (1)
Reputation: 5843
Another way would be to commit some version of the credentials file to git. Then add the secret information to the file, but tell git to ignore changes to that file with:
git update-index --assume-unchanged [credentials file]
The downside of this is that in this case, the ignore "command" has to be run on each individual clone of the repo (or at least those where the secrets are entered into the file).
Personally, I usually opt to just add it to .gitignore, but if I have a file where I only want to ignore parts of it, I do as described above.
Upvotes: 1
Related Questions
- GitHub Token - Restrict Access
- Dealing with secrets and source control
- restrict GitHub API access with least privilege
- Sharing github project without sharing API-Key
- How can I not push my API Keys/Credentials to Github, especially Public Repos
- Open source a project but keep API keys confidential
- Protecting APIs keys on Git-hosted Ruby project
- How to make sure API tokens & passwords stay off github
- Good way to develop Open Source without exposing credentials?
- Hiding OAuth consumer secret in public github repository and other sensitive data