Generally, it's not a good idea to deploy code containing sensitive information, such as application programming interface (API) keys or personal access tokens (PATs), to GitHub or any other public code repository. If you do, anyone with access to your GitHub repository can see and potentially misuse that information. This could lead to unauthorized access to your accounts, data breaches, or other malicious activities.
To mitigate these risks, it's important to follow security best practices, including:
Remove or replace sensitive information: Remove any sensitive information from your code or replace it with placeholders or environment variables.
Deploy to cloud platforms: Deploying your code on cloud platforms like Amazon Web Services (AWS), Microsoft Azure, Heroku, or Google Cloud Platform (GCP) gives you control over the hosting environment. These platforms often provide secure deployment options and support environment variables to store sensitive information.
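As an added illustration of the first practice (this is not code from the original post), the Python sketch below scans source text for hardcoded credentials before a push and shows the environment-variable replacement that passes the scan. The rule set, the placeholder list, and the names scan_text and require_env are assumptions made for this example.

```python
import os
import re

# Rules are assumptions for this example: the GitHub and AWS prefixes are the
# publicly documented token shapes, the assignment rule is a heuristic.
PATTERNS = {
    "github_pat": re.compile(r"\b(?:ghp_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "hardcoded_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*[\"']([^\"']{12,})[\"']"
    ),
}
# Values that are obviously placeholders, which the post recommends, are not findings.
PLACEHOLDER = re.compile(r"(?i)^(?:your[_-]|changeme|<.*>$)")


def scan_text(text):
    """Return (line_number, rule) for each line that appears to hold a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            value = match.group(match.lastindex or 0)
            if not PLACEHOLDER.search(value):
                findings.append((lineno, rule))
                break  # one finding per line is enough to block the push
    return findings


def require_env(name, environ=os.environ):
    """Read a secret from the environment and fail closed when it is missing."""
    value = environ.get(name, "").strip()
    if not value:
        raise RuntimeError(f"{name} is not set; refusing to start without it")
    return value


# Constructed sample: the same module before and after the change.
FAKE_PAT = "ghp_" + "A" * 36  # constructed value in the PAT shape, not a real token
BEFORE = f'import requests\nGITHUB_TOKEN = "{FAKE_PAT}"\nAPI_KEY = "YOUR_API_KEY_HERE"\n'
AFTER = 'import os\nGITHUB_TOKEN = os.environ["GITHUB_TOKEN"]\n'

if __name__ == "__main__":
    print("before:", scan_text(BEFORE))
    print("after: ", scan_text(AFTER))
```

A scan like this only covers the files it is given; a secret that was already committed remains in the repository history and should be revoked and reissued.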
For simple projects that don't have sensitive information, it's best to use GitHub for deployment. It's safer to deploy projects with just the front-end (what users see) rather than more complex ones that include a front-end, a back-end, and a database (where data is stored).
What are your thoughts on this? Do you have any additional tips to reduce security risks? If you have a different viewpoint, feel free to share your thoughts in the comments section.