371

submitted 4 months ago by carrylex@lemmy.world to c/programmer_humor@programming.dev

46 comments fedilink hide all child comments

One does not commit or compile credentials

Context:

This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials - which could have resulted in compromissing the entire core Python ecosystem.

you are viewing a single comment's thread
view the rest of the comments

[-] deegeese@sopuli.xyz 91 points 4 months ago

If I had a dollar for every API key inside a config.json…

[-] marcos@lemmy.world 41 points 4 months ago

Here's the thing, config.json should have been on the project's .gitignore.

Not exactly because of credentials. But, how do you change it to test with different settings?

[-] deegeese@sopuli.xyz 19 points 4 months ago

For a lot of my projects, there is a config-.json that is selected at startup based the environment.

Nothing secure in those, however.

[-] MajorHavoc@programming.dev 12 points 4 months ago* (last edited 4 months ago)

But, how do you change it to test with different settings?

When it's really messy, we:

check in a template file,
securely share a .env file (and .gitignore it)
and check in one line script that inflates the real config file (which we also .gitignore).