DEV Community

loading...

How to push a sensitive data to repository in the best way

plumthedev profile image Kacper Pruszynski ・3 min read

New approach

"You build something, something great" - as he used to say classic. When a new idea for the project is born in your head, you want to get it open source and have millions users and devs who uses your great app.

You have already written code and suddenly you can not push code to repository for fear of a leak sensitive data, you connect to the database and authorize with secret keys, your password in database is hashed by your own seed and cookies have secret keys.

What to do to save users and your applications? That's why I'm here :)

I will use Node.js with TypeScript, Webpack and Babel to create CLI which give me the weather when I type city name.
All weather info will be fetched by axios from OpenWeatherMap.org
Source code is on my GitHub repository

Construction

Good project must have solid foundations in the form of an appropriate project structure.

We need a folder for source code with designated place for credentials.
Files with sensitive data we will write in all caps with underscores name convention, both their names and content. Take a look for structure here.

Build tool

So, now we have solid foundations. Let's write some code, in my case it will be CLI. In the first place I tried to create classes that will be rule over npm packages. To work with command line I choose commander which is great solution for node.js command-line interfaces.

Next I want to add some color to my console messages. I prefer to use chalk.

I build base class for my CLI and Cli Command to easiest develop in future. Again solid foundations gives my many saved time in future.

OpenWeatherMap.org force usage api key to get info about weather, so in my directory src/credentials I create file OPEN_WEATHER_MAP.js to storage of sensitive data. I complete file with information about must completing api keys and URL. I didn't complete with real data and push it to repository. That would be very dangerous!

const OPEN_WEATHER_MAP = {
    API_URL: '<yourOpenWeatherMapApiUrl>',
    API_KEY: '<yourOpenWeatherMapApiKey>'
}

export default OPEN_WEATHER_MAP;

In that case I don't care about sensitive data leak. I can push this file to repository and start ignoring him with git. Thanks to this, git will not consider any file changes in the future.
To start ignoring file, type in terminal:

$ git update-index --assume-unchanged src/js/credentials/OPEN_WEATHER_MAP.js 

If you wanna start tracking changes again:

$ git update-index --no-assume-unchanged src/js/credentials/OPEN_WEATHER_MAP.js 

After that all of my sensitive data are secure and other developers can work with project after clone repository. I pushing rest of files to repository, commit changes and I'm checking the weather.

Summary

  • Keep your sensitive data in others files and export it. Files must award with name. All caps with underscores, eg. USER_CONFIG.js.
  • Good, solid foundations can save many time in future.
  • Commit and push only safe or information values with sensitive data. Don't skip any files, just start ignoring it after commit with safe values.
  • To stop tracking file use git update-index --assume-unchanged <path>
  • To start tracking file use git update-index --no-assume-unchanged <path>

Thanks for reading! Greetings, plum!
GitHub repository: click here
Author homepage: click here

Discussion (1)

pic
Editor guide
Collapse
iwaniukooo11 profile image
Mateusz Iwaniuk

Very good article,hi5