在git仓库中处理密码的最佳做法是什么？ [英] What is the best practice for dealing with passwords in git repositories?

问题描述

我有一些Bash脚本用于访问Twitter，并在某些情况下弹出低吼通知。什么是最好的方式来处理与脚本存储我的密码？

I've got a little Bash script that I use to access twitter and pop up a Growl notification in certain situations. Whats the best way to handle storing my password with the script?

我想将此脚本提交到git仓库，并在GitHub上提供，但我想知道如何让我的登录名/密码保持私有的最佳方式这样做是。目前密码存储在脚本本身中。在推送之前，我无法将其删除，因为所有旧的提交都将包含密码。不使用密码进行开发不是一种选择。我想我应该将密码存储在一个外部配置文件中，但我想我会检查是否有一种确定的方法来处理这个问题，然后再尝试并将其放在一起。

I would like to commit this script to the git repo and make it available on GitHub, but I'm wondering what the best way to keep my login/password private while doing this is. Currently the password is stored in the script itself. I can't remove it right before I push because all the old commits will contain the password. Developing without the password isn't an option. I imagine that I should be storing the password in an external config file, but I thought I'd check to see if there was an established way to handle this before I tried and put something together.

执行此操作的典型方法是从配置文件中读取密码信息。如果你的配置文件被称为 foobar.config ，那么你会提交一个名为 foobar.config.example 的文件给存储库，包含示例数据。要运行你的程序，你需要使用真实的密码数据创建一个名为 foobar.config 的本地（未跟踪）文件。

The typical way to do this is to read the password info from a configuration file. If your configuration file is called foobar.config, then you would commit a file called foobar.config.example to the repository, containing sample data. To run your program, you would create a local (not tracked) file called foobar.config with your real password data.

要从之前的提交中过滤出您现有的密码，请参阅删除敏感数据。

To filter out your existing password from previous commits, see the GitHub help page on Removing sensitive data.

这篇关于在git仓库中处理密码的最佳做法是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！