Reputation: 1710
What is the best practice for publishing settings without private data?
I have a settings.json file containing a bunch of information including username and password for the application I'm creating. Something like:
{
"application": {
"username": "someuser",
"password": "somepassword",
}
}
I am fairly new to software development especially making open source applications and deploying them so I would like to know what is the best practice in this case. Let's say I'm publishing it on GitHub and I would like the settings.json to be available as well with the correct structure but not containing my private data. However, I would like to have it locally with the data because I use it for testing.
Should I have two files maybe settings-local.json and settings-prod.json or what?
Thank you.
Upvotes: 2
Views: 63
Answers (1)
Reputation: 943214
Have a example-settings.json file with dummy data in it.
Have as many settings-ENVIRONMENT-NAME.json files as you have different environments.
Add settings-* to your .gitignore file so that real credentials do not get published by accident.
Include clear instructions (e.g. in your README) on how to name the real settings files.
Upvotes: 1
Related Questions
- Django uploading to Github, any important variables besides secret_key to keep a secret/protect?
- How can I hide database credentials from ASP.NET core appsettings.json file in a public github repository?
- How do you handle sensitive data in a public git repo?
- How can I protect my 'key.json' file from being updated on Github?
- Using secrets in GItHub workflows for private repositories
- Strategy to avoid storing secret web.config settings on github
- How can I not push my API Keys/Credentials to Github, especially Public Repos
- Should I avoid having secret keys in a private git repository?
- Open source projects: what to do with private/secret config data?
- Correct way to protect a private API Key when versioning a python application on a public git repo