Dear Sergio, You are right that passwords and credentials should not be committed to source code. There are several alternatives available.
If you are running the code on your own machine, logged as you, then I would just keep the credentials in ~/.ssh as a private key. Another place for the credentials might be something like /var/opt/MYAPP/myPrivateKey. In any case, ensure that you protect the key with 400 or 600 security (this assumes you are using Linux or macOS). James Foster > On Jan 16, 2024, at 8:27 PM, sergio ruiz <sergio....@gmail.com> wrote: > > Hi, all. > > One of my projects logs in to Spaces (Digital Ocean’s version of S3). I need > to be able access the credentials, but I don’t want to store them in the > source code, as I will be using Github to store the projects. > > Is there an accepted way to do this (encryption)? > > Should I store them on the system as environment variables? is this efficient? > > thanks! > > > ---- > peace, > sergio > photographer, journalist, visionary > > Public Key: > https://pgp.key-server.io/pks/lookup?op=get&search=0x69B08F58923AB3A2 > #BitMessage BM-NBaswViL21xqgg9STRJjaJaUoyiNe2dV > @sergio_101@mastodon.social > https://sergio101.com > http://www.codeandmusic.com > http://www.twitter.com/sergio_101 > http://www.facebook.com/sergio101 >
