在 git 存储库中处理密码的最佳实践是什么? [英] What is the best practice for dealing with passwords in git repositories?
问题描述
我有一个小 Bash 脚本,可用于访问 Twitter 并在某些情况下弹出 Growl 通知.使用脚本处理存储密码的最佳方法是什么?
I've got a little Bash script that I use to access twitter and pop up a Growl notification in certain situations. What's the best way to handle storing my password with the script?
我想将此脚本提交到 git 存储库并使其在 GitHub 上可用,但我想知道这样做时保持登录名/密码私密的最佳方法是什么.目前,密码存储在脚本本身中.我无法在推送之前立即删除它,因为所有旧提交都将包含密码.没有密码的开发不是一种选择.我想我应该将密码存储在一个外部配置文件中,但我想在我尝试将一些东西放在一起之前,我想看看是否有一种既定的方法来处理这个问题.
I would like to commit this script to the git repo and make it available on GitHub, but I'm wondering what the best way to keep my login/password private while doing this is. Currently, the password is stored in the script itself. I can't remove it right before I push because all the old commits will contain the password. Developing without a password isn't an option. I imagine that I should be storing the password in an external config file, but I thought I'd check to see if there was an established way to handle this before I tried and put something together.
推荐答案
执行此操作的典型方法是从配置文件中读取密码信息.如果您的配置文件名为 foobar.config,那么您会将名为 foobar.config.example 的文件提交到存储库,其中包含示例数据.要运行您的程序,您需要使用您的真实密码数据创建一个名为 foobar.config 的本地(未跟踪)文件.
The typical way to do this is to read the password info from a configuration file. If your configuration file is called foobar.config, then you would commit a file called foobar.config.example to the repository, containing sample data. To run your program, you would create a local (not tracked) file called foobar.config with your real password data.
要从以前的提交中过滤掉现有密码,请参阅 删除敏感数据上的 GitHub 帮助页面.
To filter out your existing password from previous commits, see the GitHub help page on Removing sensitive data.
这篇关于在 git 存储库中处理密码的最佳实践是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
