I was reading my daily dose of Dev.to today when I found one of that projects that make you say: Woah, I need to see the code. So, I went to GitHub and started to see the commits. Sadly, it was a finalized project commit, so that I couldn't see the story behind the app... But I noticed something terrifying for any dev, and it was that this user committed all his secret keys!
At first, I was planning to leave a comment. I mean, it wasn't bad intentioned. But then, I thought about it, that's dangerous too!
So I decided to write this post so that other users will have a friendly reminder in their daily feed.
With personal projects, we tend to be very laidback with the commits we do(I have committed "fixed a semicolon, should work now"), but all we commit are saved on our project's history. EVERYTHING.
For that reason, we need to be careful to commit any sensitive information to Github, especially if we will use public files. (I made the same mistake in the past).
I don't want to go into much detail; every language has a slightly different implementation. And the complexity of the solution may also be different depending on how big your project is.
But the answer I would give 9/10 times would be .env or other files that you instantly add into the .ignore file.
Link to another dev.to post that explains it: https://dev.to/mojemoron/the-environment-variables-pattern-4dai
Again, be careful and happy coding!