什么是处理在github上密码的最佳做法是什么? [英] What is the best practice for dealing with passwords in github?
问题描述
我已经得到了我用它来访问Twitter,并在某些情况下弹出一个通知低吼一点Bash脚本。请告诉我来处理与存储脚本我的密码的最佳方式?
I've got a little Bash script that I use to access twitter and pop up a Growl notification in certain situations. Whats the best way to handle storing my password with the script?
我想张贴在GitHub上这个剧本,但我想知道什么是最好的方式,让我的登录/密码,私人,而这样做的。目前的密码存储在脚本本身。我无法将其删除之前,我推,因为所有的老提交将包含密码。没有密码显影不是一个选项。我想,我应该存储在外部配置文件中的密码,但我想我会检查,看看是否有我尝试过处理这个既定的方式,把东西在一起。
I would like to post this script on GitHub, but I'm wondering what the best way to keep my login/password private while doing this is. Currently the password is stored in the script itself. I can't remove it right before I push because all the old commits will contain the password. Developing without the password isn't an option. I imagine that I should be storing the password in an external config file, but I thought I'd check to see if there was an established way to handle this before I tried and put something together.
推荐答案
要做到这一点的典型方法是读取配置文件中的密码信息。如果您的配置文件名为 foobar.config
,那么你就犯了一个名为 foobar.config.example
文件到资源库,包含样本数据。要运行程序,您可以创建称为本地(非履带式)文件 foobar.config
你的真正的密码数据。
The typical way to do this is to read the password info from a configuration file. If your configuration file is called foobar.config
, then you would commit a file called foobar.config.example
to the repository, containing sample data. To run your program, you would create a local (not tracked) file called foobar.config
with your real password data.
要过滤掉从previous现有密码提交,请参阅删除敏感数据GitHub的帮助页一>
To filter out your existing password from previous commits, see the GitHub help page on Removing sensitive data.
这篇关于什么是处理在github上密码的最佳做法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!