• pixxelkick@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    A config file outside of the repository to be specific.

    On Linux it can go somewhere under ~

    On windows it can go somewhere in AppData

    Ie; ~/YourAppName/Secrets.json or whatever your config file flavor is. Json, yaml, xml, whatevs

    • tmRgwnM9b87eJUPq@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      No. For development purposes I want my devs to be able to clone the repo and start.

      So the development config files are inside the repositories.

      • DoomBot5@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Wow, that’s a terrible security process even for development configs. How about adding a script they can run right after cloning to pull the needed keys from a secure location using their own user credentials? Plenty of solutions out there.

        • tmRgwnM9b87eJUPq@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          So let’s say the code base leaks.

          Let’s say our VPN was also compromised.

          Then what is the worst that can happen? Some internal dev api with no real data in it can be tested by hackers.