0

When our team(Development team) use a db access with a source code, our member seals secure information with import and gitignore(example below). However, I cannot sure that this is the best case to seal and deliver secure code with peers. Is there any idea or standard way to hide secure information any sensitive code? Any kind of keyword will be helpful.

actor.py

import secure

_ip = secure.ip_address_of_A
_id = secure.id_of_A
_pwd = secure.pwd_of_A

cursor = DataBase(ip=_ip, port=5432, id=_id, pwd=_pwd).cursor()
cursor.query('select * from ... ')

secure.py

ip_address_of_A = '100.100.100.1'
id_of_A = 'john doe'
pwd_of_A = '1234*'

.gitignore

secure.py
sogo
  • 351
  • 5
  • 20
  • If this is a dev environment, sure. Sourcing them as env variables with a similarly maintained bash script is also not unusual. – Arne Feb 08 '18 at 08:25
  • What you are doing is what most people use it. A config file which is in gitignore is pretty much standard. As mentioned above environment variables is also a good idea if you want to avoid config files – Arpit Solanki Feb 08 '18 at 08:28
  • 1
    [This question](https://stackoverflow.com/questions/2397822/what-is-the-best-practice-for-dealing-with-passwords-in-github) is, while not a duplicate, somewhat similar. You will see the same responses there as are in these comments: Source with a script as env variables (especially if you use integration testing tools) or maintain a config file. – Arne Feb 08 '18 at 08:38

0 Answers0