API Keys should be private.
Storing API Keys, or any other sensitive information, in a public project is a big no-no. Thankfully, there are many ways to securely store API keys. Below are just a few.
File Structure: .gitignore
A gitignore file specifies intentionally untracked files that Git should ignore. Each line in a gitignore file specifies a pattern. When deciding whether to ignore a path, Git normally checks gitignore patterns from multiple sources, with the following order of precedence, from highest to lowest (within one level of precedence, the last matching pattern decides the outcome):
Patterns read from the command line for those commands that support them.
Patterns read from a .gitignore file in the same directory as the path, or in any parent directory, with patterns in the higher level files (up to the toplevel of the work tree) being overridden by those in lower level files down to the directory containing the file. These patterns match relative to the location of the .gitignore file. A project normally includes such .gitignore files in its repository, containing patterns for files generated as part of the project build.
Patterns read from $GIT_DIR/info/exclude.
Patterns read from the file specified by the configuration variable core.excludesFile.
Which file to place a pattern in depends on how the pattern is meant to be used.
Patterns which should be version-controlled and distributed to other repositories via clone (i.e., files that all developers will want to ignore) should go into a .gitignore file.
Patterns which are specific to a particular repository but which do not need to be shared with other related repositories (e.g., auxiliary files that live inside the repository but are specific to one user’s workflow) should go into the $GIT_DIR/info/exclude file.
Patterns which a user wants Git to ignore in all situations (e.g., backup or temporary files generated by the user’s editor of choice) generally go into a file specified by core.excludesFile in the user’s ~/.gitconfig. Its default value is $XDG_CONFIG_HOME/git/ignore. If $XDG_CONFIG_HOME is either not set or empty, $HOME/.config/git/ignore is used instead.
The underlying Git plumbing tools, such as git ls-files and git read-tree, read gitignore patterns specified by command-line options, or from files specified by command-line options. Higher-level Git tools, such as git status and git add, use patterns from the sources specified above.
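To check which of the sources above actually decides what happens to a file holding an API key, git check-ignore -v names the deciding pattern and the file it came from. The script below is an added example, not part of the original post; the throwaway repository, the file names (.env, config/keys.json, config/keys.example.json, legacy.yml, notes.local) and the key values are all constructed for the demo.

```shell
#!/bin/sh
# Added example. Every file name and key value below is constructed for the demo.

# Report how Git treats path $2 in repo $1: TRACKED, IGNORED (with rule) or NOT IGNORED.
audit_path() {
    local out rule tab
    tab=$(printf '\t')
    # Ignore rules never apply to a file that is already in the index.
    if git -C "$1" ls-files --error-unmatch -- "$2" >/dev/null 2>&1; then
        echo "TRACKED (ignore rules do not apply)"; return
    fi
    # -v prints "<source>:<line>:<pattern><TAB><path>" for the deciding pattern.
    out=$(git -C "$1" check-ignore -v -- "$2") || { echo "NOT IGNORED"; return; }
    rule=${out%%"$tab"*}
    # With -v a negated ("!") pattern is reported too; it re-includes the path.
    case "${rule#*:*:}" in
        '!'*) echo "NOT IGNORED (re-included by $rule)" ;;
        *)    echo "IGNORED by $rule" ;;
    esac
}

# Build a throwaway repository with rules in several pattern sources; print its path.
make_demo_repo() {
    local repo
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    mkdir -p "$repo/config" "$repo/.git/info"
    echo 'API_KEY=constructed-sample-value' > "$repo/.env"
    echo '{"key":"constructed"}' > "$repo/config/keys.json"
    echo '{"key":"placeholder"}' > "$repo/config/keys.example.json"
    echo 'token: constructed' > "$repo/legacy.yml"
    touch "$repo/notes.local"
    git -C "$repo" add legacy.yml                         # staged before any rule exists
    printf '%s\n' '.env' 'legacy.yml' > "$repo/.gitignore"  # shared, version-controlled rules
    # Lower-level .gitignore; within one file the last matching pattern decides.
    printf '%s\n' '*.json' '!keys.example.json' > "$repo/config/.gitignore"
    echo 'notes.local' >> "$repo/.git/info/exclude"       # rule for this clone only
    echo "$repo"
}

repo=$(make_demo_repo)
for p in .env config/keys.json config/keys.example.json notes.local legacy.yml; do
    printf '%-26s %s\n' "$p" "$(audit_path "$repo" "$p")"
done
rm -rf "$repo"
```

legacy.yml comes back as TRACKED even though .gitignore lists it: a pattern added after a file has been staged or committed does not stop Git from tracking that file.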
Version Control: git-secret & git-crypt
git-secret is a tool that works on your local machine and encrypts specific files before you push them to your repository. Behind the scenes, git-secret is a shell script that uses gpg to encrypt and decrypt files that might have sensitive information.
git-crypt is very similar to git-secret, with a few differences. The first thing to notice about git-crypt is that it is a binary executable and not a shell script, as git-secret is. Being a binary executable means that to use it you first have to compile it, or you need to find a binary distribution for your machine.
Thanks for reading!
Connect with me on:
My Site – https://htmlbyshanell.com/
GitHub – https://github.com/HTMLbyShanell
YouTube - https://www.youtube.com/channel/UC3EaLC-43IlJYMcykUBnkog/videos
LinkedIn – https://www.linkedin.com/in/shanellspann/