0

I'm doing a Udemy course about ASP.NET MVC 5. I just finished a section about social plugins.

In the course repo I see this code: Startup.Auth.cs

My question is now, how did he get "12345" and "abcde" in his repo without breaking the code?

Thomas

Thomas
  • 130
  • 8

1 Answers1

2

Once you commit it, it's no longer a secret.

The usual course of action in those cases is to commit some fictional value, as a placeholder to some secret piece of data. He intentionally changed the real value to a sample, so he can commit the code and not disclose his key.

Upon checkout, you should change those values to the real ones (presumably known only to you) to test the code. When run directly, that's likely to fail for using bad credentials.

Alejandro
  • 7,290
  • 4
  • 34
  • 59
  • It's not recommended to store credendtials on code, it must be set on configs or database, and encrypted. – Marc Mar 21 '18 at 21:07
  • Ok thanks, I did not make a commit yet so my values are still "secret". How can I commit placeholders? If I type "12345" in my code to make a commit, my code will fail if I run it. If I change it back to the right values then there will be "uncommited changes", that can be commited by the next commit I make. – Thomas Mar 21 '18 at 21:14
  • @Marc Certainly, a dedicated config file is a better option. All what I wrote applies equally to them. – Alejandro Mar 22 '18 at 01:04
  • @VoetsT The right way is to never commit those secret values, so they really remain secret. Before first commiting the file, put the placeholders there, commit, then change back. As you said they'll show as "uncommited changes", here use your VCS tooling to ignore them on the next commit. I face the very same issue, but it's easy to counter once you isolate configurations to a dedicated file, then ignore that file. – Alejandro Mar 22 '18 at 01:08
  • @Alejandro I'm using Git as my VCS with SourceTree. How can I ignore certain lines of code in a file? I'm pretty new to version control. – Thomas Mar 22 '18 at 06:48
  • @VoetsT Have a look at this question that deals exactly with that: https://stackoverflow.com/q/3319479/2557263 – Alejandro Mar 22 '18 at 12:33
  • @Alejandro Thanks a lot, that was exacly what I was looking for! I made a commit with placeholders and was able to change my code back to normal. – Thomas Mar 22 '18 at 19:33