如何从 github 提交个人访问令牌
[英]How to commit Personal Access token from github
问题描述
I made a test app which uses github's graphQL api. For using this api the personal access token has been placed inside the code.
我制作了一个使用 github 的 graphQL api 的测试应用程序。为了使用这个 api,个人访问令牌已放在代码中。 Now whenever I commit the code with token, I get email from github which has title: "Action needed: GitHub access token found in commit, any app using this secret may be affected".现在,每当我使用令牌提交代码时,我都会从 github 获得 email,其标题为:“需要采取的行动:GitHub 在提交中找到访问令牌,任何使用此秘密的应用程序都可能受到影响”。
How should I commit the personal access token in my code?我应该如何在我的代码中提交个人访问令牌? Or should I never commit such tokens in the code?或者我不应该在代码中提交这样的标记? If not, then where should I keep these tokes?如果没有,那么我应该把这些代币放在哪里? So that I can access these tokens whenever the grapQL api is called.这样我就可以在调用 grapQL api 时访问这些令牌。
PS: I am creating this app using vue3 only PS:我只使用 vue3 创建这个应用程序
1 个解决方案
解决方案1
2 已采纳 2022-03-25 12:25:31
Never publish them on any open platform, There are many safe options.永远不要在任何开放平台上发布它们,有很多安全的选择。 eg store tokens in a file that is ignored by git (but then you'll have to make sure you manually put this file in every clone of your repository).例如,将令牌存储在一个被 git 忽略的文件中(但随后您必须确保手动将此文件放入存储库的每个克隆中)。 Or you can set up an environment variable in your operating system with your token.或者您可以使用令牌在操作系统中设置环境变量。
For your current situation, you better generate a new token and never share it.对于您目前的情况,您最好生成一个新令牌并且永远不要共享它。 Or a less secure option would be to use some external tool that overrides git history, so that you can purge the file that contains the token from the older commits (but the Inte.net never forgets, it doesn't guarantee that noone has stolen your token already).或者一个不太安全的选择是使用一些覆盖 git 历史的外部工具,这样你就可以从旧的提交中清除包含令牌的文件(但 Inte.net 永远不会忘记,它不能保证没有人被盗你的令牌已经)。 An article about how to remove something leaked to GitHub关于如何删除泄漏到 GitHub 的内容的文章
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.