How to handle passwords in shared code

This is a general git question.  I want to share my repo with other developers but my code has a login and password in it (for's API) which I don't want them to see.  I can see a couple options:

1) Don't include the login and password in my source code.  When I build the app I manually copy/paste the login and password into the right place, compile, then remove the login and password before the next commit.

2) Set up two repos. One private repo for myself which has the login and password in the code and one for sharing.  I would manually remove the login and password whenever I needed to update the shared repo from the private one.

3) Some feature of git or sourcetree that I don't know about which hides the login and password from everyone except me.

How do others do this? Are there best practices?

1 answer

2 votes

Don't hard code credentials in code. From a security perspective you run into issues like you're facing. The other problem is if you need to change the credentials - do you really want to have to compile and release the code again? And what if somebody decides to copy that part of the code fragment (without realizing that the credentials are there) - now you've got to keep the credentials up to date in 2 places (and you won't know the second location).

A better approach is to externalize these values into an external configuration. This can be as simple as a key value file. Then maintain that in a separate repository that only the people who need it have access to.

This makes a lot of sense. Thanks.

To complete this answer, I'll point out that I've never heard of a feature built into any versioning system that would hide usernames or passwords that are stored in text files.
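
The approach from the answer above (credentials in an external key-value file kept out of the shared repository), as an added example that is not part of the original thread: a loader that reads `KEY=VALUE` pairs, lets environment variables override them, and refuses a file that other local users can read. The key names `API_LOGIN` and `API_PASSWORD`, the environment override and the permission check are assumptions made for this example.

```python
import os
import stat

REQUIRED_KEYS = ("API_LOGIN", "API_PASSWORD")  # hypothetical key names


class CredentialError(Exception):
    """Raised when the external credentials are missing, unsafe or malformed."""


def parse_key_values(text):
    """Parse KEY=VALUE lines; blank lines and '#' comments are ignored."""
    values = {}
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep or not key.strip():
            # Report the line number, never the line content (it may be a secret).
            raise CredentialError(f"line {number}: expected KEY=VALUE")
        values[key.strip()] = value.strip()
    return values


def load_credentials(path, environ=None):
    """Load credentials from a file that lives outside the shared repo.

    Environment variables with the same names take precedence, so a build
    server can inject the values without any file on disk.
    """
    environ = os.environ if environ is None else environ
    values = {}
    if os.path.exists(path):
        mode = os.stat(path).st_mode
        # POSIX only: reject files that group or others can access.
        if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialError(f"{path}: restrict access to the owner (chmod 600)")
        with open(path, encoding="utf-8") as handle:
            values = parse_key_values(handle.read())
    for key in REQUIRED_KEYS:
        if key in environ:
            values[key] = environ[key]
    missing = [key for key in REQUIRED_KEYS if not values.get(key)]
    if missing:
        raise CredentialError("missing credentials: " + ", ".join(missing))
    return {key: values[key] for key in REQUIRED_KEYS}
```

If the credentials file sits inside the working tree rather than in a separate location, list its name in `.gitignore` so it cannot be committed to the shared repository by accident.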
