I'm planning to release on my GitHub account some projects related to the articles I'm writing.
The problem is that for these projects I need some private keys that I don't want to share on the web. What's the best strategy for you?
I was thinking of having a local config file with the real keys and putting that file under gitignore. But if I do so, I won't be able to get them if I need to work from another PC.
How have you overcome this problem?
Latest comments (3)
Maybe you can use Azure Vault :) ?
Best practice is to never commit any sensitive data (e.g. keys) to any repo. Ignore the file like you said and store a copy somewhere safe (DropBox, OneDrive, iCloud, whatever you use).
Note that if you've ever committed a sensitive file to a repository it's still stored in the repository history. You have to use something like bfg to clean out sensitive files before making the repo public.
Luckily I have published only versions with <your-key-here> values. So the best way is to ignore the config file, use it for local development and store a copy outside... Uhm, it looks cumbersome, but it makes sense
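The pattern the thread settles on, sketched as an added example that is not code from any of the posters: a committed template holding `<your-key-here>` values, a git-ignored local file holding the real keys, and a check that no real value has leaked into another file in the working tree. The file names `config.template.json` and `config.local.json`, the key names and the sample key are assumptions made up for the illustration.

```python
import json
import tempfile
from pathlib import Path

PLACEHOLDER = "<your-key-here>"  # value used in the published versions


def load_config(template_path, local_path):
    """Overlay the git-ignored local file on the committed template."""
    template = json.loads(Path(template_path).read_text())
    local_file = Path(local_path)
    local = json.loads(local_file.read_text()) if local_file.exists() else {}
    merged = {**template, **local}
    # Fail early instead of calling an API with the placeholder as the key.
    unset = sorted(k for k, v in merged.items() if v == PLACEHOLDER)
    if unset:
        raise ValueError(f"still placeholders: {unset}; set them in {local_path}")
    return merged


def find_leaks(repo_dir, local_path):
    """Return (file, key) pairs where a real value from the local file
    also appears in another file under repo_dir (.git is skipped)."""
    repo = Path(repo_dir)
    local_file = Path(local_path).resolve()
    secrets = {k: v for k, v in json.loads(local_file.read_text()).items()
               if isinstance(v, str) and v and v != PLACEHOLDER}
    leaks = []
    for path in sorted(repo.rglob("*")):
        rel = path.relative_to(repo)
        if not path.is_file() or ".git" in rel.parts or path.resolve() == local_file:
            continue
        text = path.read_text(errors="ignore")
        leaks += [(str(rel), k) for k, v in secrets.items() if v in text]
    return leaks


if __name__ == "__main__":
    # Constructed sample data in a temporary directory; the key is made up.
    repo = Path(tempfile.mkdtemp())
    (repo / "config.template.json").write_text(
        json.dumps({"api_key": PLACEHOLDER, "region": "eu"}))
    (repo / "config.local.json").write_text(
        json.dumps({"api_key": "CONSTRUCTED-KEY-123"}))
    (repo / "notes.txt").write_text("debug run with CONSTRUCTED-KEY-123")
    print(load_config(repo / "config.template.json", repo / "config.local.json"))
    print(find_leaks(repo, repo / "config.local.json"))
```

`find_leaks` only looks at the current working tree; a key committed earlier is still in the repository history, as noted in the comment above.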