Trimming API keys before pushing to git

Question

I have a project that use Twitter authentication. So that means, the project have API keys which are supposed to remain private. I wanna make it open source so thats why I have to trim all the API keys before git push. For 2 days now, I've been doing it manually. This is a very tiresome process.

Now, I'm thinking that sftp-ing the files to the live server is also tiresome and I should just set up a webhook on the live server and let it pull all the changes.

But, the git version would have all the API keys trimmed. So the live site won't work. I need some ideas on how do I get around this that is..

-> remove auth keys before pushing to git
-> put keys back in when pulling on live server

Don't store them in your code at all, use environment variables — Ismail Badawi, Dec 04 '16 at 17:25
@IsmailBadawi it's a php project. I'm not sure how can I use env. vars in PHP — haider, Dec 04 '16 at 18:35
I am willing to bet that if @haider is using FTP they do not have access to the PHP CGI process and would not be able to set environment variables. — Ben Campbell, Dec 04 '16 at 21:47
@BenCampbell i do have root access but i like the proposition provided in the answer below, better. — haider, Dec 04 '16 at 21:51

Schwern · Answer 1 · 2016-12-04T21:40:15.263

0

Use a separate file to store private information. Don't check it in.

Simplest thing to do is to have a config file which contains the default config. This is checked in and left alone. Then a user provides their own customization config which overlays the defaults. This user written file is not checked in. Put your authentication info in there.

The other advantage is now you can change the default config without blowing away local customization.

The rule of thumb is you never want to have files which are tracked but have changes which cannot be checked in. It makes developing harder and is just asking for someone to git add . or git commit -a by mistake. Instead, put the bits that need to be changed into a separate, untracked file.

But, the git version would have all the API keys trimmed. So the live site won't work.

Git is not a release tool, don't try to use it like one. You need some other method of putting files onto your server beyond simply fetching from the Git repo. Something as simple as rsync will do.

edited Dec 04 '16 at 21:40

answered Dec 04 '16 at 21:38

Schwern

153,029
25
195
336

i meant sftp, sorry – haider Dec 04 '16 at 21:39
Can you shine some light on using git as a release tool? What are the disadvantages of that? I have never thought about them. – haider Dec 04 '16 at 22:56
@haider This comes up all the time, people trying to use Git as a release or build tool. [Here's one answer that relates](http://stackoverflow.com/questions/36321305/managing-website-with-git-on-a-existing-website/36321508#36321508). And [another answer](http://stackoverflow.com/questions/33354786/git-updating-remote-repository-working-files/33355059#33355059). And [another answer](http://stackoverflow.com/questions/36340468/prompt-message-before-git-pull/36341289#36341289). Basically [search for "git" and "release"](http://stackoverflow.com/search?q=git+release). – Schwern Dec 04 '16 at 22:59

Trimming API keys before pushing to git

1 Answers1