This is what I usually do, with various packages (the vlucas package above for PHP, dotenv for node/JS) for managing the variables. I find working off a .env file is more applicable and cross-platform, as various deploy tools can keep them secret and inject them for you while keeping them outside of a git repo.
At that point it's an issue of communicating those keys to the rest of the team/documenting them securely. I don't have a great solution for that. Password managers like LastPass or Dashlane could work, but might get awkward as you scale up team size?
I've seen LastPass used for that sort of thing, and it's workable. I think a solution that fits a team that's grown past that is just a config script that is run on first setup that pulls all dev configs from a separate, secure store, which maybe pings a different company employee and then generates a one-time token for access, but that might be more or less security or configuration than some orgs need.