1

Possible Duplicate:
What is the best practice for dealing with passwords in github?

I'm putting a project on Github for the first time and was wondering what's the best way to protect sensitive information like API access tokens, SQL logins or other personal info that would normally just be in the source. Should I put these all in a separate file I don't track and simply include it where needed? Thanks.

Community
  • 1
  • 1
Primus202
  • 648
  • 7
  • 24

1 Answers1

3

Organize all these private settings into a single file and keep that file out of source control. Keep it stored somewhere else secure. You can put on the repo a mockup version of this file so people willing to contribute can just checkout the repo and fill their private info.

If you want to keep that file in the repo for some reason, you can register for a paid account on github, that account give you private repos where it's safer to store sensistive information.

Eduardo
  • 22,574
  • 11
  • 76
  • 94
  • To clarify: you should probably not have the mock file be the same name as the real file, to prevent changes from being committed, and the real one should be added to .gitignore. – alternative Aug 21 '12 at 19:15
  • I've seen it suggested to name the mock file `foo.sample` so people can tell right away it's not the real deal. Also, [BitBucket](https://bitbucket.org) has free private repositories. However, it'd be best to err on the side of caution and just not commit confidential files, in case the hosting site gets compromised. – echristopherson Aug 21 '12 at 22:38