具有敏感数据的私有和公共Git存储库
[英]Private and public Git repositories with sensitive data
问题描述
I have a service currently running on Heroku . 
我目前正在Heroku上运行一项服务。
The way deployment works with Heroku is that you push the code to a git repository, which triggers a build and subsequently a deployment of the new code. 部署与Heroku一起使用的方式是将代码推送到git存储库,该存储库触发构建并随后部署新代码。
Since this is the only way to deploy your service to Heroku, that git repository contains a lot of sensitive information, such as tokens and client secrets in a few config files. 由于这是将服务部署到Heroku的唯一方法,因此该git存储库包含许多敏感信息,例如几个配置文件中的令牌和客户端机密。 Because of this, the repository is currently a private repository, but I would like to make it into a public one. 因此,存储库目前是一个私有存储库,但我想将其变为公共存储库。
Normally I'd just .gitignore the config files and exclude them entierly, but since committing the files is the only way to get them to Heroku, I can't do that. 通常我只是.gitignore配置文件并将它们排除在外,但由于提交文件是将它们送到Heroku的唯一方法,我不能这样做。
I figured I could solve this issue by having two branches that I would simply push to different remotes, where one was the private one going to Heroku, and one was a public one on GitHub. 我想我可以通过两个分支来解决这个问题,我只需要推送到不同的遥控器,其中一个是私人的去Heroku,一个是GitHub的公共分支。
During development I'd push to the private branch and then merge those changes (minus the configs) to the public branch and all would be well. 在开发过程中,我会推送到私有分支,然后将这些更改(减去配置)合并到公共分支,一切都会好的。 Unfortunately doing it this way caused the merge to include all the history from the private branch, which would include the sensitive data, so that is a no-go. 不幸的是,这样做会导致合并包含来自私有分支的所有历史记录,其中包括敏感数据,所以这是不行的。
Is it possible to do this some other way? 是否有可能以其他方式做到这一点?
I'm also open to alternative solutions. 我也对替代解决方案持开放态度。
How are these situations usually solved? 这些情况通常如何解决?
I feel like this can't really be a unique situation. 我觉得这不可能是一个独特的情况。
1 个解决方案
解决方案1
3 已采纳 2019-04-15 20:30:20
You can use Heroku's Config Vars to store your sensitive data. 您可以使用Heroku的Config Vars存储您的敏感数据。 You'll be able to access the data as environment variables from your code. 您将能够从代码中将数据作为环境变量进行访问。
Most cloud hosting services these days give you the ability to set environment variables and it's considered good practice to use it for sensitive values. 如今,大多数云托管服务都能让您设置环境变量,将其用于敏感值被认为是一种很好的做法 。
As an example, you can set an environment variable using the heroku cli like this: 例如,您可以使用heroku cli设置环境变量,如下所示:
heroku config:set GITHUB_USERNAME=joesmith
Most programming languages provide a way to access environment variables. 大多数编程语言提供了访问环境变量的方法。 For example, with Python you could use: 例如,使用Python,您可以使用:
import os
print(os.environ['GITHUB_USERNAME'])
Wherever you currently use your sensitive data, you could then just replace it with the environment variables. 无论您当前使用敏感数据,都可以将其替换为环境变量。
Another advantage of environment variables is that they are ubiquitous. 环境变量的另一个优点是它们无处不在。 Almost every operating system and cloud service supports them, so they would be one less thing to worry about if you want open source your project and support as many platforms as possible. 几乎每个操作系统和云服务都支持它们,因此如果您希望开源项目并支持尽可能多的平台,那么它们就不用担心了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.