Closed maxmagee closed 6 years ago
maxmagee
commented
6 years ago Doing a bit of research on this and it's clear that I shouldn't be storing API keys in the repository at all (even using a .gitignore).
This article points to an encryption tool that might work for me.
maxmagee
commented
6 years ago I think I'll eventually go with Git-Secret. Until then, since it's just me working on this project, I'll roll with a .gitignore approach so this doesn't block progress.
It's clear that I don't want to check in secret API keys into the public repository. I need to figure out the best way to store those but at the same time make it easy to know where keys should be placed should someone want to spin up a new instance of this.
Also, might want to consider how to properly store secret keys on the device in a separate issue.