
I've written a small golang program which reads from a configuration json file a secret api key. When I put the binary in bin, and set up an alias to call it from my shell, it will look for the configuration file in whatever directory I'm currently in.

Is there a way to put the api key into the binary at build -- but keep it separate/secret for version control/git (it's free software)?

Nevermore
  • You do realize that if you put the secret in the binary, you now have to protect all copies of that binary too? This isn't really a good idea. – JimB Jul 20 '16 at 18:05
  • The secret is accessible in the binary? – Nevermore Jul 20 '16 at 18:07
  • Of course. _Anything_ that the program binary has access to is accessible if you have the binary. Otherwise the program wouldn't be able to use it itself. – JimB Jul 20 '16 at 18:13
  • (though for completeness, you can insert a string at link-time. It's been answered many times here, for example: http://stackoverflow.com/questions/11354518/golang-application-auto-build-versioning/11355611#11355611) – JimB Jul 20 '16 at 18:20
  • If your concern is to keep the API key out of git, you could use public key encryption to encrypt the key before check-in. Then you provide the public key to your binary using the linker when building. You still need to protect the binary. Security is hard business :) – vimdude Sep 26 '17 at 14:56
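
As an added example (not code from the question or its commenters): the link-time string insertion mentioned in the comments, with a fallback that reads the JSON config from the executable's directory instead of the current directory. The `api_key` field, the `config.json` file name and the function names are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// apiKey stays empty in the committed source. A build can set it with:
//   go build -ldflags "-X main.apiKey=$API_KEY"
// The value is then stored as plain text inside the binary, so every copy
// of that binary has to be protected like the key itself.
var apiKey string

// config mirrors the JSON file; the "api_key" field name is an assumption.
type config struct {
	APIKey string `json:"api_key"`
}

// resolveAPIKey returns the key and its source. A link-time value wins;
// otherwise the key is read from the JSON file at configPath.
func resolveAPIKey(linked, configPath string) (string, string, error) {
	if linked != "" {
		return linked, "link-time", nil
	}
	data, err := os.ReadFile(configPath)
	if err != nil {
		return "", "", err
	}
	var c config
	if err := json.Unmarshal(data, &c); err != nil {
		return "", "", fmt.Errorf("parse %s: %w", configPath, err)
	}
	if c.APIKey == "" {
		return "", "", fmt.Errorf("no api_key in %s", configPath)
	}
	return c.APIKey, "config file", nil
}

func main() {
	// Assumption: config.json sits beside the binary, so the lookup no
	// longer depends on the shell's current directory.
	exe, _ := os.Executable()
	_, source, err := resolveAPIKey(apiKey, filepath.Join(filepath.Dir(exe), "config.json"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "api key:", err)
		os.Exit(1)
	}
	fmt.Println("using API key from", source)
}
```

Running `strings` over a binary built with the `-X` flag shows the embedded value, which is the exposure the comments describe.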

0 Answers