One does not commit or compile credentials
Context:
This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials - which could have resulted in compromising the entire core Python ecosystem.
Here’s the thing, config.json should have been on the project’s .gitignore.
Not exactly because of credentials. But, how do you change it to test with different settings?
For a lot of my projects, there is a config-<env>.json that is selected at startup based on the environment.
Nothing secure in those, however.
When it’s really messy, we check in a template file, securely share a .env file (and .gitignore it) and check in a one-line script that inflates the real config file (which we also .gitignore).
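The template-plus-.env workflow from the last comment, sketched as an added example that is not code from the thread or from any commenter's project. The file names, the `${NAME}` placeholder syntax, the unquoted `KEY=VALUE` format of `.env`, and the function names `require_ignored` and `inflate_config` are all assumptions.

```sh
#!/bin/sh
# Added example. File names and the ${NAME} placeholder syntax are assumptions.

# Succeed only if git ignores the path (no-op outside a git work tree).
require_ignored() {
    dir=$(dirname "$1"); name=$(basename "$1")
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 0
    git -C "$dir" check-ignore -q -- "$name" && return 0
    echo "refusing: $1 is not covered by .gitignore" >&2; return 1
}

# inflate_config TEMPLATE ENVFILE OUTPUT
inflate_config() {
    template=$1; envfile=$2; output=$3
    [ -r "$template" ] && [ -r "$envfile" ] || { echo "missing input" >&2; return 2; }
    require_ignored "$envfile" && require_ignored "$output" || return 1
    tmp="$output.tmp.$$"
    (
        umask 077   # the inflated file holds secrets: owner-only
        awk '
        function json_escape(s,   i, c, r) {   # escape \ and " for a JSON string
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                if (c == "\\" || c == "\"") r = r "\\"
                r = r c
            }
            return r
        }
        # .env is parsed as KEY=VALUE data, never sourced, so it cannot run code.
        FILENAME == ARGV[1] {
            eq = index($0, "=")
            if ($0 !~ /^[ \t]*#/ && eq > 1) vals[substr($0, 1, eq - 1)] = substr($0, eq + 1)
            next
        }
        {   # template line: substitute each ${KEY} literally, left to right
            out = ""; rest = $0
            while ((s = index(rest, "${")) > 0 && (e = index(substr(rest, s), "}")) > 0) {
                key = substr(rest, s + 2, e - 3)
                if (!(key in vals)) { print "unset placeholder: " key > "/dev/stderr"; exit 1 }
                out = out substr(rest, 1, s - 1) json_escape(vals[key])
                rest = substr(rest, s + e)
            }
            print out rest
        }' "$envfile" "$template" > "$tmp"
    ) || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$output"
}
```

A placeholder with no matching key aborts the run and leaves no output file, so a half-filled config never reaches the application.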