[英]Making a Git project open source when you have secret keys
I have a project on GitHub behind a private repository.我在 GitHub 上有一个位于私有存储库后面的项目。 I want to make the repo public.
我想公开回购。 However, my project uses secret keys.
但是,我的项目使用密钥。
How can I make the project public while still protecting the "history" of those secret keys?如何在保护这些密钥的“历史”的同时公开项目? I'm guessing I'm SOL, and should simply invalidate the keys to prevent their use.
我猜我是 SOL,应该简单地使密钥无效以防止它们使用。
Note that this is not the same question as How to open-source an application that uses API keys请注意,这与如何开源使用 API 密钥的应用程序不同
or或者
How to handle 'open-sourcing' your application, when it uses a personal API key? 当应用程序使用个人 API 密钥时,如何处理“开源”应用程序?
As my project is already on Git, the entire source history can be easily viewed.由于我的项目已经在 Git 上,因此可以轻松查看整个源历史记录。 What I suppose I could do is branch off a separate project with the API keys hidden, and make that repo public.
我想我能做的就是将 API 密钥隐藏起来,从一个单独的项目中分支出来,然后公开该存储库。 But then users would miss out on the entire branching history, which they may be curious about (I know I would).
但是用户会错过整个分支历史,他们可能会对此感到好奇(我知道我会)。
You could remove the secret keys from the repository using a hammer like git filter-branch
.您可以使用像
git filter-branch
这样的锤子从存储库中删除密钥。 There is a nice explanation on GitHub's help pages . GitHub 的帮助页面上有很好的解释。
I used a new .gitignore which already excluded all the private stuff/secret keys and copied everything into a fresh repository.我使用了一个新的 .gitignore ,它已经排除了所有私有的东西/秘密密钥,并将所有内容复制到一个新的存储库中。 If I ever need access again to the old git history, I have left a copy of it.
如果我需要再次访问旧的 git 历史记录,我会留下一份副本。
Check out git-castle
( https://www.npmjs.com/package/git-castle )!查看
git-castle
( https://www.npmjs.com/package/git-castle )!
You can add contributors to your whitelist and allow them to use your keys.您可以将贡献者添加到白名单并允许他们使用您的密钥。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.