How to Avoid Adding Passwords to Git

I was working on figuring out how to log ftp scripts, and discovered how to use a remote file: .netrc to store usernames and passwords. So I’m going to have to apply that to a number of scripts in the DigitalSignage program I’m working on. Hmmm, which makes me realize I’m doing the same for the main RETS library I’m accessing!

Then I randomly clicked on a YouTube “Tech Code” channel and watched a guy describing how he accidentally hard-coded a password into his program, and saved it to git–thereby uploading it to anyone who has access to the source code. Yikes!

The solution to hard-coding usernames and passwords into programs that get moved about is to use an environmental file: .env (for python or laravel for instance) that stores the either local or remote (test / production) settings. Of course!

 

Leave a Reply

Your email address will not be published. Required fields are marked *