
Private and public Git repositories with sensitive data

I have a service currently running on Heroku.
The way deployment works with Heroku is that you push the code to a git repository, which triggers a build and subsequently a deployment of the new code.
Since this is the only way to deploy your service to Heroku, that git repository contains a lot of sensitive information, such as tokens and client secrets in a few config files. Because of this, the repository is currently a private repository, but I would like to make it into a public one.

Normally I'd just .gitignore the config files and exclude them entirely, but since committing the files is the only way to get them to Heroku, I can't do that.

I figured I could solve this issue by having two branches that I would simply push to different remotes, where one was the private one going to Heroku, and one was a public one on GitHub.

During development I'd push to the private branch and then merge those changes (minus the configs) to the public branch and all would be well. Unfortunately doing it this way caused the merge to include all the history from the private branch, which would include the sensitive data, so that is a no-go.

Is it possible to do this some other way?

I'm also open to alternative solutions.
How are these situations usually solved?
I feel like this can't really be a unique situation.

You can use Heroku's Config Vars to store your sensitive data. You'll be able to access the data as environment variables from your code.

Most cloud hosting services these days give you the ability to set environment variables and it's considered good practice to use it for sensitive values.

As an example, you can set an environment variable using the heroku cli like this:

heroku config:set GITHUB_USERNAME=joesmith

Most programming languages provide a way to access environment variables. For example, with Python you could use:

import os
print(os.environ['GITHUB_USERNAME'])

Wherever you currently use your sensitive data, you could then just replace it with the environment variables.

Another advantage of environment variables is that they are ubiquitous. Almost every operating system and cloud service supports them, so they would be one less thing to worry about if you want to open source your project and support as many platforms as possible.
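
An added example, not part of the original answer: one way to load every required secret from environment variables (Heroku Config Vars) and to check, before a repository is made public, that none of those values is still hardcoded in a file. The variable names other than GITHUB_USERNAME, and the names load_secrets and find_hardcoded, are assumptions made for this example.

```python
import os
from pathlib import Path

# Hypothetical variable names for this example; list whatever your app needs.
REQUIRED = ("GITHUB_USERNAME", "GITHUB_TOKEN", "CLIENT_SECRET")


class MissingConfig(RuntimeError):
    """Raised when one or more required config vars are unset or empty."""


def load_secrets(env=os.environ, required=REQUIRED):
    """Return {name: value} for every required variable, or fail naming all that are missing."""
    missing = [name for name in required if not env.get(name)]
    if missing:
        # Report names only, so values never end up in logs or tracebacks.
        raise MissingConfig("unset config vars: " + ", ".join(missing))
    return {name: env[name] for name in required}


def find_hardcoded(root, secrets, min_len=8):
    """Return sorted (relative_path, var_name) pairs where a secret's value appears under root."""
    # Very short values are skipped because they match unrelated text too easily.
    needles = {n: v.encode() for n, v in secrets.items() if len(v) >= min_len}
    hits = set()
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root)
        if not path.is_file() or ".git" in rel.parts:
            continue
        data = path.read_bytes()
        for name, needle in needles.items():
            if needle in data:
                hits.add((rel.as_posix(), name))
    return sorted(hits)


if __name__ == "__main__":
    import sys

    # Run from the repository root with the same variables set locally.
    leaks = find_hardcoded(".", load_secrets())
    for rel, name in leaks:
        print(f"{rel}: contains the value of {name}")
    sys.exit(1 if leaks else 0)
```

This checks the files in the working tree only. Values committed earlier remain in the Git history, which is the problem the question describes with merging the private branch.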
