• deegeese
    89 upvotes · 1 month ago

    If I had a dollar for every API key inside a config.json…

    • marcos@lemmy.world
      40 upvotes · 1 month ago

      Here’s the thing, config.json should have been on the project’s .gitignore.

      Not exactly because of credentials. But, how do you change it to test with different settings?

      • deegeese
        19 upvotes · 1 month ago

        For a lot of my projects, there is a config-<env>.json that is selected at startup based on the environment.

        Nothing secure in those, however.

      • MajorHavoc@programming.dev
        12 upvotes · edited · 1 month ago

        “But, how do you change it to test with different settings?”

        When it’s really messy, we:

        • check in a template file,
        • securely share a .env file (and .gitignore it)
        • and check in a one-line script that inflates the real config file (which we also .gitignore).
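
An added example, not part of the thread or any commenter's code: one way the template, shared .env and inflate-script workflow described in the comment above could look in Python. The file name config.template.json, the `${NAME}` placeholder syntax and every function name are assumptions, and the sample files are constructed.

```python
import json
import re
import tempfile
from pathlib import Path

PLACEHOLDER = re.compile(r"\$\{([A-Z0-9_]+)\}")
SAMPLE = {  # constructed sample files; the key value is made up, not a real credential
    ".gitignore": ".env\nconfig.json\n",
    ".env": '# shared out of band\nAPI_URL=https://api.example.test\nAPI_KEY=EXAMPLE"KEY\\123\n',
    "config.template.json": '{"url": "${API_URL}", "key": "${API_KEY}", "retries": 3}\n',
}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and # comments."""
    lines = [ln.strip() for ln in text.splitlines()]
    pairs = [ln.partition("=") for ln in lines if ln and not ln.startswith("#")]
    return {k.strip(): v.strip() for k, _, v in pairs}

def inflate(template, env):
    """Fill ${NAME} placeholders, failing closed when a value is missing."""
    missing = sorted(set(PLACEHOLDER.findall(template)) - set(env))
    if missing:
        raise KeyError("no value in .env for: " + ", ".join(missing))
    # json.dumps(...)[1:-1] escapes quotes and backslashes inside the value.
    rendered = PLACEHOLDER.sub(lambda m: json.dumps(env[m.group(1)])[1:-1], template)
    json.loads(rendered)  # refuse to emit a config that is not valid JSON
    return rendered

def build(project):
    """Write config.json from the template, only if the secrets are git-ignored."""
    ignored = {ln.strip().lstrip("/") for ln in (project / ".gitignore").read_text().splitlines()}
    leaks = [n for n in (".env", "config.json") if n not in ignored]
    if leaks:
        raise RuntimeError(f"add to .gitignore first: {leaks}")
    env = parse_env((project / ".env").read_text())
    rendered = inflate((project / "config.template.json").read_text(), env)
    out = project / "config.json"
    out.touch(mode=0o600)  # create owner-only before the secret is written
    out.chmod(0o600)  # also tighten a file left over from an earlier run
    out.write_text(rendered)
    return out

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in SAMPLE.items():
            Path(tmp, name).write_text(text)
        return json.loads(build(Path(tmp)).read_text())

if __name__ == "__main__":
    print(demo())
```

The .gitignore check here only matches exact entries, so a pattern such as `*.json` would be reported as missing; `git check-ignore` gives the authoritative answer inside a real repository.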
    • MajorHavoc@programming.dev
      19 upvotes · 1 month ago

      I actually do have a dollar for every API key I or my team have committed inside a config file.

      And…I’m doing pretty well.

      Also, I’ve built some close friendships with our Cybersecurity team.

      • deegeese
        8 upvotes · edited · 1 month ago

        Might just make enough to pay your AWS bill this month.