如何处理公共git回购中的敏感数据? [英] How do you handle sensitive data in a public git repo?
问题描述
显然在代码中保留敏感数据会破坏它。
另一个解决方案是不对代码中的秘密信息进行硬编码,但将其存储在独立文件中并对文件进行gitignore。这有一个缺点,那就是当有人第一次提取你的代码时,秘密信息将会丢失,并且不会用完。这可以通过在代码中编写一个初始化,如果缺少例程来解释,但是然后你让git系统滑入你的代码,这是IMO不是一件好事。
另一个解决方案是创建一个默认秘密信息文件,在项目开始时提交它,然后在不提交的情况下使用自己的信息。但是,这可能会让git抱怨说,当你拉动的时候你有没有提交的变化。
那么处理这个问题的常用方法是什么?
尝试使用 .gitattribute 进行已配置路径加密/解密过滤器:
* secure.yml filter = crypt
然后在.git / config中添加crypt过滤器的配置:
<$ c
clean = openssl enc ...
smudge = openssl enc -d ...
required
How do you handle sensitive data like secret API keys, hash salts when you keep your code in a public git repo?
Obviously keeping the sensitive data in the code will compromise it.
Another solution is to not hardcode the secret info in the code, but store it in a stand-alone file and gitignore the file. This has the disadvantage that when someone pulls your code for the first time the secret information will be missing and it won't run out of the box. This can be accounted for by writing a "initialize if missing" routine in the code, but then you're letting the git system slip into your code, which is IMO not a good thing.
And another solution is making a "default" secret information file, commit it at the start of the project and then use your own information without committing it. But this may make git complain that you have un-commited changes when you pull.
So what is the common way to handle this?
Try to use .gitattributes for path with configured encryption/decryption filter:
*secure.yml filter=crypt
And in the .git/config add the configuration for crypt filter:
[filter "crypt"]
clean = openssl enc ...
smudge = openssl enc -d ...
required
这篇关于如何处理公共git回购中的敏感数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
