如何对应用程序保密? [英] How to keep the app secret a secret?
问题描述
每个新的 Play 应用都会在其配置文件中生成一个新的应用机密.
Every new Play app gets a new application secret generated into its config file.
application.secret=asdfadsfdasf
我正在开发一个将部署在 Heroku 上的开源应用程序.我如何将应用保密(例如,不要将其提交到源代码管理中)?
I'm developing an open source app that will be deployed on Heroku. How can I keep the app secret a secret (e.g. no commit it into source control)?
应用机密究竟在哪里使用?也许出于我有限的目的,我真的不必保密?
Where exactly is the app secret used? Perhaps for my limited purposes I don't really have to keep it a secret?
推荐答案
您可以将机密外部化为环境变量.
You can externalize the secret as an environment variable.
在conf/application.conf
中简单替换
application.secret=abc123...
与
application.secret=${APP_SECRET}
然后在 Heroku 中设置这个配置变量:
and then set this config var in Heroku with:
$ heroku config:add APP_SECRET=abc123...
现在您可以在每个应用的基础上管理机密,避免将它们签入版本控制.
Now you can manage secrets on a per-app basis and avoid checking them into version control.
这篇关于如何对应用程序保密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!