How to handle passwords in shared code

Mark Fox April 13, 2015

This is a general git question.  I want to share my repo with other developers but my code has a login and password in it (for Parse.com's API) which I don't want them to see.  I can see a couple options:

1) Don't include the login and password in my source code.  When I build the app I manually copy/paste the login and password into the right place, compile, then remove the login and password before the next commit.

2) Set up two repos. One private repo for myself which has the login and password in the code and one for sharing.  I would manually remove the login and password whenever I needed to update the shared repo from the private one.

3) Some feature of git or sourcetree that I don't know about which hides the login and password from everyone except me.

How do others do this? Are there best practices?

1 answer

2 votes
Daniel Wester
April 13, 2015

Don't hard code credentials in code. From a security perspective you run into issues like you're facing. The other problem is if you need to change the credentials - do you really want to have to compile and release the code again? And what if somebody decides to copy that part of the code fragment (without realizing that the credentials are there) - now you've got to keep the credentials up to date in 2 places (and you won't know the second location).

A better approach is to externalize these values into an external configuration. This can be as simple as a key value file. Then maintain that in a separate repository that only the people who need it have access to.

Mark Fox April 13, 2015

This makes a lot of sense. Thanks.

Seth
April 13, 2015

To complete this answer, I'll point out that I've never heard of a feature built into any versioning system that would hide usernames or passwords that are stored in text files.
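The external key-value file described in Daniel Wester's answer, sketched as an added example that is not part of the original thread: a Python loader that refuses a credentials file kept inside the shared repository or readable by other users, and never echoes a secret in its error messages. The key names `PARSE_LOGIN` and `PARSE_PASSWORD`, the file name and the directory layout are assumptions.

```python
import os
import stat
from pathlib import Path

REQUIRED_KEYS = ("PARSE_LOGIN", "PARSE_PASSWORD")  # hypothetical key names


class CredentialFileError(Exception):
    """The credentials file is missing, unsafe or incomplete."""


def load_credentials(path, shared_repo_root, required=REQUIRED_KEYS):
    """Parse a KEY=VALUE file kept outside the shared code repository."""
    path = Path(path).resolve()
    if not path.is_file():
        raise CredentialFileError(f"{path}: credentials file not found")
    # The file must not sit inside the repo other developers can clone.
    if Path(shared_repo_root).resolve() in path.parents:
        raise CredentialFileError(f"{path}: is inside the shared repository")
    # On POSIX, refuse a file that group or other users can read or write.
    if os.name == "posix" and stat.S_IMODE(path.stat().st_mode) & 0o077:
        raise CredentialFileError(f"{path}: permissions too open, use chmod 600")
    values = {}
    lines = path.read_text(encoding="utf-8").splitlines()
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first "=" only, so a password may contain "=".
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            # Report the line number only, never the line's content.
            raise CredentialFileError(f"{path}:{lineno}: expected KEY=VALUE")
        values[key.strip()] = value.strip()
    missing = [k for k in required if not values.get(k)]
    if missing:
        raise CredentialFileError(f"{path}: missing keys: {', '.join(missing)}")
    return values


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample layout
        secrets_dir = Path(tmp, "app-secrets")  # stands in for the private repo
        secrets_dir.mkdir()
        sample = secrets_dir / "credentials.properties"
        sample.write_text("PARSE_LOGIN=demo-user\nPARSE_PASSWORD=not=a-real-one\n")
        sample.chmod(0o600)
        creds = load_credentials(sample, Path(tmp, "app"))
        print(sorted(creds))  # key names only, values stay out of the output
```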
