Proper way to hide API keys in Git

Question

In my C# project have APIKeys.cs file which have const strings with API keys. I want those strings to be empty in Git server but have actual API keys in my local computer. S

Answer 1

Accept that you cannot hide unencrypted private keys in a public space.

What you can do is move the keys to a private space, and then reference that private space from code.

Your private space might be environment variables or the Windows registry, it should be something outside the source code of your app.

Another approach is to create a new config file (e.g. keys.config) specifically for storing private keys, and then exclude this file from source control.

This means you don't share your private keys, but it also means that you need to document (perhaps in readme.md) that users will need to recreate their own keys.config. Even better (thanks @Joey) is to include a sample config file (keys.sample.config) in the solution, illustrating what's needed.

Here is an example