• @[email protected]
      414 months ago

      Here’s the thing, config.json should have been on the project’s .gitignore.

      Not exactly because of credentials. But, how do you change it to test with different settings?

      • @[email protected]
        194 months ago

        For a lot of my projects, there is a config-<env>.json that is selected at startup based on the environment.

        Nothing secure in those, however.

      • @[email protected]
        12
        4 months ago

        But, how do you change it to test with different settings?

        When it’s really messy, we:

        • check in a template file,
        • securely share a .env file (and .gitignore it)
        • and check in a one-line script that inflates the real config file (which we also .gitignore).
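
The template, .env and inflate-script workflow from the comment above, as an added example that is not part of the thread and not the commenter's script. The file names, the `${KEY}` placeholder syntax and the function names `inflate_config` and `check_ignored` are assumptions; it goes beyond a one-liner by JSON-escaping values and failing on any placeholder the .env does not define.

```shell
#!/bin/sh
# Added example. File names and the ${KEY} placeholder syntax are assumptions.

# inflate_config TEMPLATE ENVFILE OUTPUT: fill ${KEY} placeholders from KEY=VALUE lines.
inflate_config() {
    template=$1 envfile=$2 output=$3
    [ -r "$template" ] && [ -r "$envfile" ] || { echo "missing input file" >&2; return 2; }
    tmp="$output.tmp.$$"
    ( umask 077   # the generated file holds secrets: owner-only permissions
      awk '
        # Escape backslash and double quote so a value stays inside its JSON string.
        function jesc(s,   i, c, r) {
            r = ""
            for (i = 1; i <= length(s); i++) {
                c = substr(s, i, 1)
                if (c == "\\" || c == "\"") r = r "\\"
                r = r c
            }
            return r
        }
        # First file (.env): KEY=VALUE lines; comments and blank lines are skipped.
        FILENAME == ARGV[1] {
            eq = index($0, "=")
            if ($0 ~ /^[A-Za-z_][A-Za-z0-9_]*=/) env[substr($0, 1, eq - 1)] = substr($0, eq + 1)
            next
        }
        # Second file (template): an unknown key is an error, never an empty string.
        {
            line = $0; out = ""
            while (match(line, /[$][{][A-Za-z_][A-Za-z0-9_]*[}]/)) {
                key = substr(line, RSTART + 2, RLENGTH - 3)
                if (!(key in env)) { print "unset placeholder: " key > "/dev/stderr"; bad = 1 }
                out = out substr(line, 1, RSTART - 1) jesc(env[key])
                line = substr(line, RSTART + RLENGTH)
            }
            print out line
        }
        END { exit bad + 0 }
      ' "$envfile" "$template" > "$tmp"
    ) || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$output"
}

# check_ignored FILE...: fail if git would track any of the secret-bearing files.
check_ignored() {
    for f in "$@"; do
        git check-ignore -q "$f" || { echo "$f is not git-ignored" >&2; return 1; }
    done
}
```

Run `check_ignored .env config.json` inside the work tree before `inflate_config config.template.json .env config.json`, so the script stops if either generated or shared file could still be committed.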
    • @[email protected]
      194 months ago

      I actually do have a dollar for every API key I or my team have committed inside a config file.

      And…I’m doing pretty well.

      Also, I’ve built some close friendships with our Cybersecurity team.

    • fmstrat
      English
      54 months ago

      Can I have a dollar for every public S3 bucket?