Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
How do you hide the consumer secret for Twitter which uses Oauth in your open-source project? Do you add the secret to the code before production deployment?
This goes for secrets/passwords in your open-source code in general as well.
The standard solution is to store it in a config file. Therefore everyone who wants to install and run the software needs to register his/her own password to use your software.
Generally, for server-based software, each installation is a separate service. For example NBC Universal, NPR and Huffington Post all use the same software but are considered different entities. Therefore this makes sense in general.
However, for desktop-based software this is not the case. The word processor used by NBC, NPR and Huffington Post are not considered different software but is just Microsoft Word. So for desktop-based software (or mobile App) the solution is similar except that you include the necessary private key/secret code during the build process. Again, keeping this all in config files makes life easier. Just make sure that the example/default config file that you upload to the public repo does not contain any secrets.