• deegeese
    link
    fedilink
    arrow-up
    89
    ·
    4 months ago

    If I had a dollar for every API key inside a config.json…

    • marcos@lemmy.world
      link
      fedilink
      arrow-up
      40
      ·
      4 months ago

      Here’s the thing, config.json should have been on the project’s .gitignore.

      Not exactly because of credentials. But, how do you change it to test with different settings?

      • deegeese
        link
        fedilink
        arrow-up
        19
        ·
        4 months ago

        For a lot of my projects, there is a config-<env>.json that is selected at startup based the environment.

        Nothing secure in those, however.

      • MajorHavoc@programming.dev
        link
        fedilink
        arrow-up
        12
        ·
        edit-2
        4 months ago

        But, how do you change it to test with different settings?

        When it’s really messy, we:

        • check in a template file,
        • securely share a .env file (and .gitignore it)
        • and check in one line script that inflates the real config file (which we also .gitignore).
    • MajorHavoc@programming.dev
      link
      fedilink
      arrow-up
      19
      ·
      4 months ago

      I actually do have a dollar for every API key I or my team have committed inside a config file.

      And…I’m doing pretty well.

      Also, I’ve built some close friendships with our Cybersecurity team.

      • deegeese
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        4 months ago

        Might just make enough to pay your AWS bill this month.