How to push code to Github hiding the API keys?

Question

I want to push some code to my GitHub repository. The code is in different languages like JavaScript, Java, Python etc. Some of it contains private API keys that I don't want to publish.

Is there any way to hide the keys automatically? Should I remove them from my code manually?

There are many projects that I want to push to GitHub. So, manual removal is not a good option.

Recommended answer

You should consider using .env files and read the keys from the environmental variables. How to do so depends on the language and tools you use (for node.js, php, etc.).

You can exclude .env file from commits by adding .env to the .gitignore. You can also upload an example configuration .env.example with dummy data or blanks to show the schema your application requires.
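
The .env workflow from the answer above, as an added Python example that is not part of the original answer: it derives a blanked .env.example from a .env, makes sure .env is listed in .gitignore, and reports keys the environment still lacks. The function names and the sample keys and values are assumptions constructed for illustration.

```python
import os

def parse_env(text):
    """Parse KEY=VALUE lines from .env text; skip blanks and # comments."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values

def make_env_example(text):
    """Return .env.example text: same keys and comments, every value blanked."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#") and "=" in stripped:
            out.append(stripped.partition("=")[0].strip() + "=")
        else:
            out.append(line)
    return "\n".join(out) + "\n"

def ensure_ignored(gitignore_text, name=".env"):
    """Return .gitignore text with an entry for `name`, adding it if absent."""
    entries = [entry.strip() for entry in gitignore_text.splitlines()]
    if name in entries or "/" + name in entries:
        return gitignore_text
    sep = "" if gitignore_text.endswith("\n") or not gitignore_text else "\n"
    return gitignore_text + sep + name + "\n"

def missing_keys(example_text, environ=os.environ):
    """Keys listed in .env.example that are unset or empty in the environment."""
    return [k for k in parse_env(example_text) if not environ.get(k)]

# Constructed sample input; the key names and values are made up.
SAMPLE_ENV = ("# payment provider\nPAYMENT_API_KEY=sk_test_123\n"
              "PAYMENT_API_SECRET='s3cr3t'\n\nDEBUG=true\n")

if __name__ == "__main__":
    example = make_env_example(SAMPLE_ENV)
    print(example)                                    # safe to commit
    print(ensure_ignored("node_modules/\n"))          # .env appended
    print(missing_keys(example, {"PAYMENT_API_KEY": "x"}))
```

A .gitignore entry has no effect on a file git already tracks: a .env committed earlier has to be untracked with `git rm --cached .env`, and a key that was ever pushed stays in the history and should be rotated.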

Other recommended answer

Any time you have files with sensitive data like config.yml you MUST NOT commit them to your repository. I'll show you an example.

Suppose you have a yaml file with some username and password:

# app/config/credentials.yml
credentials:
    username: foo
    password: bar

If you want to hide the foo and the bar values, remove this file from your repository, but add a distribution file that aims to maintain username and password fields, but without any real values:

# app/config/credentials.yml.dist
credentials:
    username: ~
    password: ~

During installation you can get this file by copying app/config/credentials.yml.dist to app/config/credentials.yml.

Also, remember to add app/config/credentials.yml to your .gitignore file.

It's the same with API keys:

# app/config/config.yml
config:
    credentials:
        username: foo
        password: bar
    api_stuffs:
        api_foo: fooooo
        api_secret: baaaaar
        api_token: tooooken

This works well for configuration files, and is a good pattern that saves you every time you need to share the structure of a configuration but not sensitive data. Init files, configurations and so on.

Other recommended answer

You can add environment variables in your server to hide your API keys. All popular programming languages have default methods to access the environment variables.