Storing passwords and private credentials on GitHub

It's a never-ending question, and there are never-ending answers.

It's a surprisingly common problem with version control systems: how to keep secret keys (such as database passwords and AWS keys) out of the repository.

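The .gitignore file can be altered to ignore files and directories. Any file or directory matched by .gitignore will not be committed, so when you clone, push, or pull, these files are not included. This applies only to files Git is not already tracking: a file that was committed before it was added to .gitignore stays in the repository.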

A common method is as follows:

Create a config.xml file, or some configuration file depending on the language and how you want to store it.

It could be a PHP file with some constants, a C# file, etc.

<keys>
    <aws_secret_key>*blahblah*</aws_secret_key>
</keys>

Add config.xml to .gitignore.

# Ignore the configuration file
config.xml

Create config.xml.sample. In this file, copy the structure from config.xml and remove the secret information.

<keys>
    <aws_secret_key>An AWS secret key is required to run this project</aws_secret_key>
</keys>

Commit config.xml.sample to the repository. It doesn't contain any secret data, but it will ensure other users of the repository know how to add the required keys.

Be sure to add this to the documentation to ensure that everyone is aware that they need to create a configuration file.
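
One way to check the setup above, as an added example that is not part of the original post: a shell function that confirms config.xml is ignored, is not already tracked, and that config.xml.sample carries no value from the real file. The function name check_secret_config is hypothetical; the file names are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the file names used
# above (config.xml, config.xml.sample); the function name is hypothetical.

# check_secret_config REPO_DIR
# Returns 0 if the layout is safe, 1 (with reasons on stderr) otherwise.
check_secret_config() {
    repo="$1"
    status=0

    # 1. An ignore rule must match config.xml. --no-index tests the rule
    #    itself, even when the file is already tracked.
    if ! git -C "$repo" check-ignore -q --no-index config.xml; then
        echo "config.xml is not matched by any ignore rule" >&2
        status=1
    fi

    # 2. .gitignore only applies to untracked files. A config.xml that was
    #    added before the rule existed is still in the index.
    if git -C "$repo" ls-files --error-unmatch config.xml >/dev/null 2>&1; then
        echo "config.xml is tracked; untrack it with: git rm --cached config.xml" >&2
        status=1
    fi

    # 3. The sample must exist so other users know which keys to supply.
    if [ ! -f "$repo/config.xml.sample" ]; then
        echo "config.xml.sample is missing" >&2
        status=1
    fi

    # 4. No element value from the real file may appear in the sample.
    #    The sed expression handles one <tag>value</tag> per line, as above.
    if [ -f "$repo/config.xml" ]; then
        values=$(sed -n 's/.*>\([^<>]\{1,\}\)<\/.*/\1/p' "$repo/config.xml")
        if [ -n "$values" ] &&
           grep -F -q -e "$values" "$repo/config.xml.sample" 2>/dev/null; then
            echo "config.xml.sample contains a value from config.xml" >&2
            status=1
        fi
    fi
    return "$status"
}
```

Call it as `check_secret_config .` from a pre-commit hook or a CI step. Note that `git rm --cached` only stops future commits: a key that was already pushed remains in the history and should be rotated.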

Written by Kieran on 2019-04-19