您如何设法将凭据保留在公共可浏览的源代码之外？ [英] How do you manage to keep credentials out of publically browsable source code?

问题描述

假设您想要显示设置文件的源代码，但不希望公共源代码中显示3-4行。你只是手动替换这些变量，或者是否有一些你使用的技巧，比如将它们包含在另一个单独的文件中，并将其包含在主要的conf中？

或者更多常见的只是没有跟踪和包括该文件的回购？

解决方案

我解决这个问题的方式，我必须处理几乎在我所有的项目中，都是通过使用我从某人挑选的模式来进行的。在这种模式下 - 不仅可以用来保持凭据不受版本控制，还可以分离环境/平台特定设置 - 版本控制下的主要设置文件会导入适当的辅助设置文件称为local_settings。这个local_settings文件不会被置于版本控制之下，并且对于部署源的每个平台，都会为该平台创建单独的特定local_settings文件。

我会举例说明我如何通常为我的Django / Python项目执行此操作。有一个中央的，每个项目 settings.py 文件，这个文件在版本控制下，并且一个平台（可能平台不太适合用在这里） code> local_settings.py 文件。 local_settings.py 文件从 settings.py 文件中导入，其中不同的设置变量在下面定义方式：

  import local_settings 
 
 DATABASE_USER = local_settings.db_user 
 DATABASE_PASSWORD = local_settings.db_pass 
  

而且，作为上面代码片段的一个例子， local_settings .py 文件是这样定义的：

  db_user ='user'
 db_pass ='通过'
  

在处理有问题的问题时，我发现这种模式非常好。

Let's say you want to show the source code for a settings file but don't want 3-4 lines to show up in the public source code. Do you just manually replace those variables or are there some tricks you use, like including them in yet another separate file and including that in the main conf?

Or is it more common to just not track and include that file in the repo?

解决方案

The way I tackle this problem, and I have to deal with it in nearly every project I work on, is by utilizing a pattern I picked from someone. In this pattern--which can not only be used to keep credentials from not being under version control but also to segregate environment/platform specific settings--the main settings file, which is under version control, imports a secondary settings file that is aptly called "local_settings". This "local_settings" file is not put under version control, and for each platform that the source is deployed on, a separate, specific local_settings file is created tailored to that platform only.

I will give you an example of how I commonly do this for my Django/Python projects. There is a central, per-project settings.py file, which is under version control, and a platform (perhaps platform is not quite the right terminology to use here) specific local_settings.py file. The local_settings.py file is imported from within the settings.py file, where different setting variables are defined in the following manner:

import local_settings

DATABASE_USER = local_settings.db_user
DATABASE_PASSWORD = local_settings.db_pass

And, as an example to go along with the snippet above, the local_settings.py file is defined thus:

db_user = 'user'
db_pass = 'pass'

I have found this pattern when dealing with the issue in question to work really well.

这篇关于您如何设法将凭据保留在公共可浏览的源代码之外？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！