I'm planning to release on my GitHub account some projects related to the articles I'm writing.
The problem is that for these projects I need some private key that I don't want to share on the web. What's the best strategy for you?
I was thinking to have a local config file with the real keys and put that file under gitignore. But If I do so, I'll not be able to get them if I need to work from another PC.
How have you overcome this problem?
Top comments (3)
Best practice is to never commit any sensitive data (e.g. keys) to any repo. Ignore the file like you said and store a copy somewhere safe (DropBox, OneDrive, iCloud, whatever you use).
Note that if youโve ever committed a sensitive file to a repository itโs still stored in the repository history. You have to use something like bfg to clean out sensitive files before making the repo public.
Luckily I have published only versions with
<your-key-here>
values.So the best way is to ignore the config file, use it for local development and store a copy outside... Uhm, it looks cumbersome, but it makes sense
Maybe you can use Azure Vault :) ?