什么是处理在github上密码的最佳做法是什么? [英] What is the best practice for dealing with passwords in github?
问题描述
我已经得到了我用它来访问Twitter,并在某些情况下弹出一个通知低吼一点Bash脚本。请告诉我来处理与存储脚本我的密码的最佳方式?
I've got a little Bash script that I use to access twitter and pop up a Growl notification in certain situations. Whats the best way to handle storing my password with the script?
我想张贴在GitHub上这个剧本,但我想知道什么是最好的方式,让我的登录/密码,私人,而这样做的。目前的密码存储在脚本本身。我无法将其删除之前,我推,因为所有的老提交将包含密码。没有密码显影不是一个选项。我想,我应该存储在外部配置文件中的密码,但我想我会检查,看看是否有我尝试过处理这个既定的方式,把东西在一起。
I would like to post this script on GitHub, but I'm wondering what the best way to keep my login/password private while doing this is. Currently the password is stored in the script itself. I can't remove it right before I push because all the old commits will contain the password. Developing without the password isn't an option. I imagine that I should be storing the password in an external config file, but I thought I'd check to see if there was an established way to handle this before I tried and put something together.
推荐答案
要做到这一点的典型方法是读取配置文件中的密码信息。如果您的配置文件名为 foobar.config ,那么你就犯了一个名为 foobar.config.example 文件到资源库,包含样本数据。要运行程序,您可以创建称为本地(非履带式)文件 foobar.config 你的真正的密码数据。
The typical way to do this is to read the password info from a configuration file. If your configuration file is called foobar.config, then you would commit a file called foobar.config.example to the repository, containing sample data. To run your program, you would create a local (not tracked) file called foobar.config with your real password data.
要过滤掉从previous现有密码提交,请参阅删除敏感数据GitHub的帮助页
To filter out your existing password from previous commits, see the GitHub help page on Removing sensitive data.
这篇关于什么是处理在github上密码的最佳做法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
