Some of my programs require some confidential data (authentication mainly) to work properly.
I often put my own credentials in the main() of the source code when developing and testing to see if my code works, and remove them when all is OK. However, it’s easy to forget to remove them.
What is a good approach to prevent these confidential data from ending up in a version control commit?
I use Mercurial (and Python).
I’ve been thinking of:
- automatically running some sensitive-data checking script on commit, which aborts if it finds some specific strings (doesn’t seem foolproof, requires maintaining the sensitive strings)
- storing the confidential data somewhere else (where?, how to practically import/use them?).
- using a testing branch (but doesn’t really solve the problem)
- providing the confidential data as command line arguments (too unpractical)
Put things like authentication data in a config file, then add that config file to the set of ignored files in your VCS (in Mercurial, that’s .hgignore).
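
One way to apply the answer above in Python, as an added example that is not part of the original answer: credentials are read from a config file, and loading is refused unless .hgignore covers that file. The file name secrets.ini, the [auth] section and the simplified .hgignore matching (plain glob and regexp lines only) are assumptions.

```python
import configparser
import fnmatch
import re
import tempfile
from pathlib import Path

SECRETS_FILE = "secrets.ini"  # hypothetical name; lives only in the working copy


def is_ignored(repo_root, filename=SECRETS_FILE):
    """Approximate check that a pattern in .hgignore covers filename."""
    hgignore = Path(repo_root) / ".hgignore"
    if not hgignore.exists():
        return False
    syntax = "regexp"  # Mercurial's default pattern syntax
    for line in hgignore.read_text().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("syntax:"):
            syntax = line.split(":", 1)[1].strip()
        elif syntax == "glob" and fnmatch.fnmatch(filename, line):
            return True
        elif syntax == "regexp" and re.search(line, filename):
            return True
    return False


def load_credentials(repo_root, filename=SECRETS_FILE):
    """Return (username, password); refuse if the file could be committed."""
    if not is_ignored(repo_root, filename):
        raise RuntimeError(f"{filename} is not covered by .hgignore")
    # interpolation=None so a '%' in a password is read literally
    parser = configparser.ConfigParser(interpolation=None)
    if not parser.read(Path(repo_root) / filename):
        raise FileNotFoundError(f"{filename} not found; create it locally")
    return parser["auth"]["username"], parser["auth"]["password"]


def demo():
    """Constructed sample working copy, built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, SECRETS_FILE).write_text(
            "[auth]\nusername = alice\npassword = p%ss-example\n")
        try:
            load_credentials(root)  # no .hgignore yet
            refused = False
        except RuntimeError:
            refused = True
        Path(root, ".hgignore").write_text("syntax: glob\n*.pyc\nsecrets.ini\n")
        return refused, load_credentials(root)


if __name__ == "__main__":
    print(demo())
```
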