kubi kubi - 1 year ago 82
Git Question

What is the best practice for dealing with passwords in github?

I've got a little Bash script that I use to access twitter and pop up a Growl notification in certain situations. Whats the best way to handle storing my password with the script?

I would like to post this script on GitHub, but I'm wondering what the best way to keep my login/password private while doing this is. Currently the password is stored in the script itself. I can't remove it right before I push because all the old commits will contain the password. Developing without the password isn't an option. I imagine that I should be storing the password in an external config file, but I thought I'd check to see if there was an established way to handle this before I tried and put something together.

Answer Source

The typical way to do this is to read the password info from a configuration file. If your configuration file is called foobar.config, then you would commit a file called foobar.config.example to the repository, containing sample data. To run your program, you would create a local (not tracked) file called foobar.config with your real password data.

To filter out your existing password from previous commits, see the GitHub help page on Removing sensitive data.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download