Open erikthiem opened 6 years ago
We ARE using dotenv. The creds shouldn't have showed up. Must have not had it in my git ignore
On Oct 27, 2017 2:35 PM, "Erik Thiem" notifications@github.com wrote:
I have previously used the dotenv ruby gem for loading credentials from the .env file. It works swimmingly and I highly recommend it. Regardless of what we use, we should absolutely not store credentials (such as the GitHub ones recently added) in the repo.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/buckmaxwell/github-issues-ebs/issues/21, or mute the thread https://github.com/notifications/unsubscribe-auth/AF7DlE8_CYJAv3Xt4FAxEitxqogwXzW0ks5swky1gaJpZM4QJpOv .
We should use something like BFG (as mentioned here: https://help.github.com/articles/removing-sensitive-data-from-a-repository/) to remove it from the repo history.
Other option: remove files from repo for the future w git rm then change the secrets. Much easier and keeps our git history in tact.
I have previously used the dotenv ruby gem for loading credentials from the .env file. It works swimmingly and I highly recommend it. Regardless of what we use, we should absolutely not store credentials (such as the GitHub ones recently added) in the repo.