• marcos@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      4 months ago

      Here’s the thing, config.json should have been on the project’s .gitignore.

      Not exactly because of credentials. But, how do you change it to test with different settings?

      • deegeese@sopuli.xyz
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        For a lot of my projects, there is a config-<env>.json that is selected at startup based the environment.

        Nothing secure in those, however.

      • MajorHavoc@programming.dev
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        4 months ago

        But, how do you change it to test with different settings?

        When it’s really messy, we:

        • check in a template file,
        • securely share a .env file (and .gitignore it)
        • and check in one line script that inflates the real config file (which we also .gitignore).
    • MajorHavoc@programming.dev
      link
      fedilink
      arrow-up
      1
      ·
      4 months ago

      I actually do have a dollar for every API key I or my team have committed inside a config file.

      And…I’m doing pretty well.

      Also, I’ve built some close friendships with our Cybersecurity team.