We store all our application and db passwords in plain text in source control. We do this as our build/deploy process generates required configuration files and also does a
I assume the objective is that you don't want your company's private passwords to be available, encrypted, decrypted, or otherwise, to anyone that should otherwise be allowed access to the rest of the source.
Here's how I do it. I've duplicated this pattern from TikiWiki, which does this too.
In some file that normally contains passwords, set them to dummy values; it doesn't matter what. Set it to whatever your customer should see. Put a comment nearby for developers to leave this file alone and alter a second file.
In the second file, which gets created if it's not there, put the actual passwords. Arrange for this file to be included, imported, whatever, by the first file.
Arrange for your source control to ignore that file. Could look something like this:
# in .gitignore
localsettings.py

# in settings.py
## Alter this value to log into the snack machine:
## developers: DON'T alter this, instead alter 'localsettings.py'
SECRET_VALUE = ""
try:
    from localsettings import *
except ImportError:
    # localsettings.py is optional; keep the dummy values above if it is absent
    pass

# in localsettings.py
SECRET_VALUE = "vi>emacs"
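A check for the layout described in the answer above, added here as an example and not part of the original answer: it confirms the override file is listed in `.gitignore` and that the tracked file carries only placeholders. The function names `string_assignments`, `audit` and `demo`, the sample value, and the exact-line `.gitignore` match are assumptions made for illustration.

```python
import ast
import tempfile
from pathlib import Path

def string_assignments(path):
    """Return {NAME: value} for top-level NAME = "literal" assignments."""
    found = {}
    for node in ast.parse(Path(path).read_text()).body:
        if (isinstance(node, ast.Assign)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str)):
            for target in node.targets:
                if isinstance(target, ast.Name):
                    found[target.id] = node.value.value
    return found

def audit(repo, tracked="settings.py", local="localsettings.py"):
    """Return a list of problems with the dummy-value/override layout."""
    repo = Path(repo)
    problems = []
    ignore = repo / ".gitignore"
    # Assumption: only an exact-line entry counts; glob patterns are not evaluated.
    lines = ignore.read_text().splitlines() if ignore.exists() else []
    if local not in {line.strip().lstrip("/") for line in lines}:
        problems.append(f"{local} is not listed in .gitignore")
    placeholders = string_assignments(repo / tracked)
    real = string_assignments(repo / local) if (repo / local).exists() else {}
    for name, value in real.items():
        if name not in placeholders:
            problems.append(f"{name} has no placeholder in {tracked}")
        elif value and placeholders[name] == value:
            problems.append(f"{name} in {tracked} holds the real value")
    return problems

def demo():
    """Audit a constructed repo layout, then the same layout with two mistakes."""
    with tempfile.TemporaryDirectory() as d:
        repo = Path(d)
        (repo / ".gitignore").write_text("localsettings.py\n")
        (repo / "settings.py").write_text(
            'SECRET_VALUE = ""\ntry:\n    from localsettings import *\n'
            'except ImportError:\n    pass\n')
        (repo / "localsettings.py").write_text('SECRET_VALUE = "constructed-sample"\n')
        good = audit(repo)
        # Constructed failure: ignore entry dropped, real value pasted into tracked file.
        (repo / ".gitignore").write_text("*.pyc\n")
        (repo / "settings.py").write_text('SECRET_VALUE = "constructed-sample"\n')
        bad = audit(repo)
    return good, bad
```

Running `audit(".")` from a pre-commit hook or CI step and failing on a non-empty result catches the case where someone edits `settings.py` instead of `localsettings.py`.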