I tried to see if I could get other people's Mongo Database connection string by just searching for it on GitHub search. Yes, I found a few.
While this is an excellent example of something wrong that happens with every developer, I have found that sometimes I need to rewrite the git history. I have found an excellent answer to this here: stackoverflow.com/questions/437623...
You're a savior 😘
Thanks man, I guess I need to do the same 🤣🤣
I have spent the past week pondering this after the near-fatal mistake. Glad I'm not the only one who has forgotten gitignore or wondered about searching git. I worry more about keys and secrets since I work a lot with algo trading bots. This could wipe out a trading bot.
exactly 😊
I was using MongoDB for personal projects, using .env to store the MongoDB URL. Now I started a job where they use SAM, and one of the nice things is that the template doesn't have any endpoints, secrets etc. so they're never in your code base (nothing to .gitignore).
Is it bad to have a private repository with all the API keys shown in that repository?
It is bad practice; it should be stored in secured (encrypted) storage that can be retrieved in the operating environment.
A private repository cannot be queried via the GitHub Search API.
But then, it is more secure to not include your secrets in the repository.
Yeah so no one will be able to look at the repository.
I've definitely done this (accidentally) and only realized it when my API key got a rate limit response. Great reminder.
Wow!
Hope the API rates are not billed :)
This is a good public awareness campaign 👏
Great article, definitely a reminder not to store the credentials along with the application and to use a process that keeps them safe from exposure. The loader was a nice touch!
Thanks,
Imagine downloading without a loader or any progress indication 😊
This happened a fair amount of times to me to the point that whenever I start on any project where I plan on using any API keys I instinctively add .env to the .gitignore file immediately before anything else.
And I recall my professor telling me about actual bots sifting through GitHub looking for API keys accidentally committed in git histories to exploit.
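The habit described in the comments above (add .env to .gitignore first, keep connection strings out of committed files) can be checked mechanically before each commit. The following is an added example, not code from the post or from any commenter: it scans a working tree for MongoDB connection strings that embed a password and reports whether .env is covered by .gitignore. The function names, the placeholder list and the simplified .gitignore matching are assumptions of this sketch.

```python
import fnmatch
import re
import sys
from pathlib import Path

# mongodb:// or mongodb+srv:// URI whose userinfo part carries user:password
MONGO_URI = re.compile(r"mongodb(?:\+srv)?://([^\s:/@'\"]+):([^\s@'\"]+)@([^\s/'\"?]+)")
# Passwords that are obviously template placeholders, not real secrets (assumed list)
PLACEHOLDER = re.compile(r"^(<.*>|\$\{.*\}|x+|\*+|password|changeme)$", re.I)

def find_mongo_secrets(text):
    """Return (line_no, user, host) per credentialed URI; the password is never returned."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for user, pw, host in MONGO_URI.findall(line):
            if not PLACEHOLDER.match(pw):
                hits.append((no, user, host))
    return hits

def env_is_ignored(gitignore_text):
    """True if the last matching pattern ignores a top-level .env (simple patterns only)."""
    ignored = False
    for raw in gitignore_text.splitlines():
        pat = raw.strip()
        if not pat or pat.startswith("#"):
            continue
        negate = pat.startswith("!")
        if fnmatch.fnmatch(".env", pat.lstrip("!").lstrip("/")):
            ignored = not negate
    return ignored

def scan_tree(root):
    """Scan every file under root (skipping .git); return (findings, .env ignored?)."""
    root = Path(root)
    findings = {}
    for p in root.rglob("*"):
        rel = p.relative_to(root)
        if p.is_file() and ".git" not in rel.parts:
            hits = find_mongo_secrets(p.read_text(errors="ignore"))
            if hits:
                findings[rel.as_posix()] = hits
    gi = root / ".gitignore"
    return findings, gi.is_file() and env_is_ignored(gi.read_text())

if __name__ == "__main__":
    found, ignored = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, hits in found.items():
        for no, user, host in hits:
            print(f"{path}:{no}: MongoDB URI with password for {user}@{host}")
    # Fail when .env is unprotected or a secret sits in any file other than .env
    sys.exit(1 if (not ignored or any(p != ".env" for p in found)) else 0)
```

This only inspects the current working tree; a string that was committed earlier remains in the git history, and the credential itself should be rotated.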