This is a general git question. I want to share my repo with other developers but my code has a login and password in it (for Parse.com's API) which I don't want them to see. I can see a couple options:
1) Don't include the login and password in my source code. When I build the app I manually copy/paste the login and password into the right place, compile, then remove the login and password before the next commit.
2) Setup two repos. One private repo for myself which has the login and password in the code and one for sharing. I would manually remove the login and password whenever I needed to update the shared repo from the private one.
3) Some feature of git or sourcetree that I don't know about which hides the login and password from everyone except me.
How do others do this? Are there best practices?
Don't hard code credentials in code. From a security perspective you run into issues like you're facing. The other problem is if you need to change the credentials - do you really want to have to compile and release the code again? And what if somebody decides to copy that part of the code fragment (without realizing that the credentials are there) - now you've got to keep the the credentials up to date in 2 places (and you won't know the second location).
A better approach is to externalize these values into an external configuration. This can be as simple as a key value file. Then maintain that in a separate repository that only the people that needs to have access to.
Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs