Warm tip: This article is reproduced from serverfault.com.

Hide specific file from Git public Repo

Posted on 2020-11-28 21:24:33

I am making an Economy Discord bot and I want to make the code open source. Currently, I have a private repo for the code. The bot is being hosted on Heroku and is set so that whenever the "Master" branch updates, it will auto-deploy the app. (Image: Heroku settings set to autodeploy from master branch.) But I have 2 details that I don't want the open source repo to have. The bot's token and a server URL that is used to store users' data. I don't want the open source repo to have the server URL and the token.

Both the token and server URL are stored in a .JSON file which will be accessed from the main index.js file. Here is what it looks like:

{
  "token": "Token_here",
  "server": "Server_URL_Here"
}

Is there a way to make it so that Heroku and I will have access to the JSON file but the people who are viewing the open source repo do not see the JSON file? Is this possible?

Questioner: Coder Gautam YT
Viewed: 11
paulsm4 2020-12-02 08:04:17

There are several alternatives, including "git-crypt".

Since you're using Heroku, this might be your best bet:

https://softwareengineering.stackexchange.com/a/182074/76526

The preferred method of keeping passwords/API keys secret on Heroku is to set config values via the Heroku command-line application. The following example is taken from a Heroku Dev Center article.

(The example below, and my entire answer, relate to Rails apps.)

$ cd myapp
$ heroku config:add S3_KEY=8N029N81 S3_SECRET=9s83109d3+583493190
Adding config vars and restarting myapp... done, v14
S3_KEY:     8N029N81
S3_SECRET:  9s83109d3+583493190

Then reference these config values in your code using the ENV[] variable:

AWS::S3::Base.establish_connection!(
  :access_key_id     => ENV['S3_KEY'],
  :secret_access_key => ENV['S3_SECRET']
)

This way your sensitive passwords are not stored in the git repository. (Note: When running the app locally, set these values in your .bashrc file.)

Also, I'm not sure what type of application you are running, but in Rails, Heroku does not use your database.yml file; it simply sets your database username/password according to your app settings. So you can avoid saving those credentials in git.

Also, also, if you are running your own application and want it to remain private, a great alternative to GitHub is Bitbucket, which offers free private repositories.


ADDENDUM:

It is working now. I had to use .env instead of .bashrc, and instead of ENV I had to use process.env.TOKEN. Also, I had to use the dotenv module at the start of the file (npmjs.com/package/dotenv). – Coder Gautam YT
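
An added example (not code from the question or the quoted answer) of what index.js could use in place of the JSON file, following the environment-variable approach described above: it reads both values from process.env, refuses to start if either is missing or still a template placeholder, and gives a redacted form for logging. TOKEN is the name from the comment above; SERVER_URL and the function names are assumptions.

```javascript
// Added example: config loader for index.js that reads secrets from the environment.
// TOKEN is the name used in the comment above; SERVER_URL is an assumed name.
const REQUIRED = ['TOKEN', 'SERVER_URL'];
// Placeholder values from the question's template file; reject them if left unfilled.
const PLACEHOLDERS = new Set(['token_here', 'server_url_here']);

// Local development only: dotenv copies KEY=value lines from an untracked .env
// file into process.env. On Heroku the config vars are already there, so a
// missing module or file is not an error.
function loadLocalEnv() {
  try {
    require('dotenv').config();
    return true;
  } catch (err) {
    return false;
  }
}

// Validate and return the settings; throw at startup rather than fail later.
function loadConfig(env = process.env) {
  const bad = REQUIRED.filter((name) => {
    const value = (env[name] || '').trim();
    return value === '' || PLACEHOLDERS.has(value.toLowerCase());
  });
  if (bad.length > 0) {
    // Name the variables, never their values.
    throw new Error(`Missing or placeholder config vars: ${bad.join(', ')}`);
  }
  let url;
  try {
    url = new URL(env.SERVER_URL.trim());
  } catch (err) {
    throw new Error('SERVER_URL is not a valid URL');
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error('SERVER_URL must be an http(s) URL');
  }
  return Object.freeze({ token: env.TOKEN.trim(), server: url.href });
}

// Safe to pass to console.log: reports that values are set without printing them.
function redact(config) {
  return { token: `<set, ${config.token.length} chars>`, server: '<set>' };
}

// In index.js (usage): loadLocalEnv(); const config = loadConfig();
```

Keep `.env` listed in `.gitignore`. If the JSON file was ever committed, its values remain in the repository history, so regenerate the token before making that history public.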