1. 技术文章
  2. when you have secret key in your project, how can pushing to GitHub be possible?

when you have secret key in your project, how can pushing to GitHub be possible?

感情迁移 提交于 2019-11-27 06:54:58
VonC

Add in your repo:

  • a template of it (secret_token.rb.template),
  • a script able to generate a proper config file secret_token.rb based on local data found on the server (like an encrypted file with the secret value ready to be decoded and put in the secret_token.rb file)

From there, add a git attribute custom driver:

The script referenced above will be your 'smudge' script which will, on checkout of the working tree, generate automatically the right file.

Put the secret key in some sort of external config file. Thats what we do.

There are several external tools, which do exactly that. Basically, these tools encrypt the file with your private data and store it in the VCS, but ignore the original unencrypted file.

One of the most known and trusted is blackbox. It uses gpg to encrypt your files and works with both git and hg. By the way, it is created by SO team. Have a look at the alternatives section, it has at least five other tools.

I can also recommend you a tool called git-secret, it also uses gpg. But it works only with git. The main advantage is that the workflow is much easier compared to other tools.

You could risk trusting Github's security/privacy if it is a private repository .. or:
- Pull the data from a configuration file on the server. For example, if you use Capistrano for deployment, you can add a step that copies the configuration file from somewhere on the server.
- Use an environment variable.

标签
git
github
secret-key
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!