search

buckmaxwell / github-issues-ebs

An implementation of evidence based scheduling (EBS) for github issues. This tool will integrate with Github Issues and Google Calendar and help developers and teams to accurately estimate timelines. The tool pairs well with Agile methodologies or can stand alone.
0 stars 0 forks source link

Don't store credentials in the repo #21

Open erikthiem opened 6 years ago

erikthiem commented 6 years ago

I have previously used the dotenv ruby gem for loading credentials from the .env file. It works swimmingly and I highly recommend it. Regardless of what we use, we should absolutely not store credentials (such as the GitHub ones recently added) in the repo.

buckmaxwell commented 6 years ago

We ARE using dotenv. The creds shouldn't have showed up. Must have not had it in my git ignore

On Oct 27, 2017 2:35 PM, "Erik Thiem" notifications@github.com wrote:

I have previously used the dotenv ruby gem for loading credentials from the .env file. It works swimmingly and I highly recommend it. Regardless of what we use, we should absolutely not store credentials (such as the GitHub ones recently added) in the repo.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/buckmaxwell/github-issues-ebs/issues/21, or mute the thread https://github.com/notifications/unsubscribe-auth/AF7DlE8_CYJAv3Xt4FAxEitxqogwXzW0ks5swky1gaJpZM4QJpOv .

erikthiem commented 6 years ago

We should use something like BFG (as mentioned here: https://help.github.com/articles/removing-sensitive-data-from-a-repository/) to remove it from the repo history.

buckmaxwell commented 6 years ago

Other option: remove files from repo for the future w git rm then change the secrets. Much easier and keeps our git history in tact.