DEV Community

[Comment from a deleted post]
 
David Dal Busco

Totally agree with you Sebastián.

I would say, maybe, that it makes these just a bit less obvious if not pushed in the repo. Exposed in it would still be a bit clearer than being part of the bundle.

Furthermore, doing so, you would also avoid having your configs duplicated each time someone forks your repo.

Finally, worth noting, GitHub automatically sends emails to the author in case a token is pushed in a public repo. I guess to prevent tokens being wrongly exposed.

But like I said, fully agree with you.

 
Sebastián Duque G

I get your point. It's similar to the job done by obfuscating your production code. Maybe having a little warning at the top of the article about this not being a full security measure could be helpful for, mostly newbie, readers.

 
David Dal Busco

Good point 👍 I have added a note in the concept chapter about it.

Thank you for your feedback 🙏