Reputation: 739
Trying to get some insights here. Should I commit credentials for the test environment? Like API tokens for sandbox environments of third-party APIs, or maybe even the test database password (supposing it's an external database of sorts)?
My security paranoia advises me to never commit any credentials of any kind. And were it an open-source project, I'd certainly go that way. But a private repo with controlled access... It would be much easier to just commit the test credentials and let people with access to the repo use it, for local testing and things like that.
Upvotes: 0
Views: 716
Reputation: 76744
It's generally not a good idea to do this, even for private repos. There are various ways parts of your repository may leak (e.g., laptop theft), and while that would be unfortunate, it's not as bad as if you have a leak and also the attacker has credentials to your test environment. They could then possibly gain a foothold in your network or services, leverage it to extract additional information, or cause excessive usage or costs for your company. Minimizing the damage an attacker can do in the event of a compromise is prudent and a good security policy.
What some companies choose to do is have a general shell server for employee use and a way to access the credentials (e.g., fetching them from a Vault instance) that are needed to access services, which helps reduce the scope of credential use. Whether this particular approach is suitable for your network, I can't say, but a similar approach may meet your needs.
Upvotes: 2
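The two practices the answer points at (read credentials from somewhere outside the repository at run time, and catch credential-looking strings before they are committed) can be made concrete in a few lines. The following is an added example, not code from the question or answer: `load_test_credential` reads a named credential from the process environment (which a developer's shell, CI secret store, or a Vault-fetching wrapper populates) and refuses to run without it, and `find_credential_like_lines` is a pre-commit style scan that flags lines that look like hard-coded credentials while ignoring obvious placeholders such as `${VAR}` or `<your-token-here>`. The function names, regexes and the sample config are all constructed for illustration.

```python
"""Keep test credentials out of the repo: load them at run time, and scan for
accidental commits. Added example; all names and sample data are constructed."""
import os
import re
import sys
from typing import List, Mapping, Optional, Tuple


class MissingCredentialError(RuntimeError):
    """Raised when a required credential is absent from the environment."""


def load_test_credential(name: str, env: Optional[Mapping[str, str]] = None) -> str:
    """Return the credential called `name` from the environment (never from a
    file in the repository). Fails loudly so nobody is tempted to hard-code it."""
    env = os.environ if env is None else env
    value = env.get(name, "").strip()
    if not value:
        raise MissingCredentialError(
            f"{name} is not set; export it in your shell or fetch it from the "
            "secret store before running the tests, do not add it to the repo"
        )
    return value


# Patterns that usually indicate a literal credential. Constructed heuristics,
# deliberately simple; a real hook would also use a dedicated scanner.
CREDENTIAL_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    # key = value, where the key names a secret and the value is 8+ chars
    ("assignment", re.compile(
        r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]?[^\s'\"]{8,}")),
    # scheme://user:password@host  (credentials embedded in a connection URI)
    ("connection-uri", re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://[^\s:/@]+:[^\s@]+@")),
    ("private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
]

# Values that are clearly placeholders, not real secrets.
PLACEHOLDER = re.compile(r"(?i)(\$\{?\w+\}?|<[^>]+>|changeme|example|xxx+)")


def find_credential_like_lines(text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, pattern label, stripped line) for every line that
    matches a credential pattern and is not an obvious placeholder."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pattern in CREDENTIAL_PATTERNS:
            match = pattern.search(line)
            if match and not PLACEHOLDER.search(match.group(0)):
                hits.append((lineno, label, line.strip()))
                break  # one report per line is enough
    return hits


# Constructed sample of a test-environment config file that someone might be
# tempted to commit. Lines 2, 3 and 7 should be flagged; 5 and 6 are placeholders.
SAMPLE_CONFIG = """\
# constructed sample of a test-environment config file
SANDBOX_API_KEY=sk_test_51Hq8AbCdEfGh0123
DB_URL=postgres://app:hunter2hunter2@db.test.internal:5432/app
# fine: placeholder resolved from the environment at run time
DB_PASSWORD=${TEST_DB_PASSWORD}
token: "<your-token-here>"
-----BEGIN RSA PRIVATE KEY-----
LOG_LEVEL=debug
"""


def main(paths: List[str]) -> int:
    """Scan the given files (or the built-in sample when none are given) and
    return a non-zero exit code if anything credential-like is found, which is
    what a pre-commit hook needs to block the commit."""
    found = 0
    targets = paths or ["<sample>"]
    for path in targets:
        text = SAMPLE_CONFIG if path == "<sample>" else open(path, encoding="utf-8", errors="replace").read()
        for lineno, label, line in find_credential_like_lines(text):
            print(f"{path}:{lineno}: possible {label}: {line}")
            found += 1
    return 1 if found else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Wire `main` into a pre-commit hook by passing it the output of `git diff --cached --name-only`; the heuristics here are intentionally conservative and should be treated as a safety net beside the real fix, which is keeping every credential in the environment or a secret store rather than in the tree.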