5

I've got a public repo on Github. And I want to set it up with a few services that would require personal API keys.

Of course, I want to share the codebase with whoever wants it, but not my personal keys.

Is there a pattern for this?

I'm thinking I could .gitignore a file of constants and only use them on my server itself.

Just not sure what the recommended practice is for this.

FYI: it is a javascript application in Meteor. With both server and client-side javascript.

Thanks in advance.

Adam
  • 4,054
  • 4
  • 25
  • 28
  • 1
    Here's a similar question with some great suggestions: http://stackoverflow.com/questions/4101568/making-a-git-project-open-source-when-you-have-secret-keys – Katherine Chalmers Sep 22 '12 at 19:28
  • Thanks Katherine, not sure how I missed that, looks like its the way to go... – Adam Sep 22 '12 at 20:31
  • Also, retrieving the API key values being from a JSON or YAML file might help you to seperate the Config info from the code and simply use .gitignore to hide it on public repos. – Apoorv Saxena Sep 22 '12 at 20:35
  • Thanks Cody. I stored my configs in a javascript object and ignored it with GIT. Worked fine for me. If there's a distinct advantage to using JSON instead, I'd be happy to hear it. Either way, thanks for the response... – Adam Sep 23 '12 at 03:49
  • possible duplicate of [How to open-source an application that uses API keys](http://stackoverflow.com/questions/1983990/how-to-open-source-an-application-that-uses-api-keys) – Dennis Traub Sep 26 '12 at 07:45

2 Answers2

1

If you don't want to share your keys, don't commit them to the repository at first. To prevent yourself from committing them accidentally, I'd propose you exclude them through an entry in the .gitignore, as you suggested. This way you can even use

git add .
git commit -a -m "commit everything"

safely, without having to worry about the keys.

Manuel Leuenberger
  • 2,327
  • 3
  • 21
  • 27
0

This is a bit late but I would recommend using the Dotenv package for meteor. https://github.com/okgrow/meteor-dotenv It is very well documented and is way better in terms of security. One thing it forgets to mention though is to add the .env file to the .gitignore

Matthieu Gavaudan
  • 361
  • 1
  • 2
  • 12
  • While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. – PKirby Jul 24 '15 at 09:47