Should You Push API Keys in a Private GitHub Repo?

0
2
Asked By CuriousCoder29 On

I'm working in a team that uses a private GitHub repository for our project. I wanted to know if it's safe to push API keys in the app settings, or should I just message my colleague to get the keys instead?

5 Answers

Answered By SecureDev93 On

Realistically, while some might push keys, it's a bad practice. You should never store keys on servers you don’t control, and it’s better to separate your configuration from your code.

ByteSize78 -

Exactly! Keeping them out of your codebase makes things easier when moving between environments.

Answered By VaultMaster21 On

You really want to avoid committing any keys or secrets. Look into using tools like HashiCorp's Vault for managing secrets. It’s a solid way to secure your keys.

Answered By DevDude42 On

In a perfect world, each team member would have unique API keys, but that can be tough to manage. If you have a lot of changes, that might create more issues for your workflow.

Answered By DevOpsNinja07 On

No way! GitHub offers solutions like environment variables and secrets specifically for this reason. Use those instead of hardcoding anything important.

Answered By TechGuru88 On

Definitely not! You should never push API keys to any repository, even if it's private. A better option would be to use a secrets manager to handle sensitive information. This way, you keep your keys secure and avoid leaks.

CodeWhiz34 -

Agreed! It's much safer to keep API keys out of the repo completely. Secrets managers are designed for this.

Related Questions

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.