-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How can we manage secrets in public? #270
Comments
this is how I do in #!/bin/bash
source "$DOTFILES_PATH/shell/exports.sh" # here are a $LOCAL_EXPORTS and $LOCAL_ALIASES declarations
source "$DOTFILES_PATH/shell/aliases.sh"
source "$DOTFILES_PATH/shell/functions.sh"
# this exports look like `export LOCAL_EXPORTS="$HOME/.local_exports"`
FILES=(
$LOCAL_EXPORTS
$LOCAL_ALIASES
)
for FILE in ${FILES[@]}; do
if [ -f "$FILE" ]; then
echo "file: \"$FILE\" already exists"
else
touch $FILE
echo "file: \"$FILE\" maked"
if [[ "$FILE" == "$LOCAL_EXPORTS" ]]; then
echo '#!/bin/bash\n# LOCAL EXPORTS DECLARATION\n' >> "$FILE"
elif [[ "$FILE" == "$LOCAL_ALIASES" ]]; then
echo '#!/bin/bash\n# LOCAL ALIASES DECLARATION\n' >> "$FILE"
fi
fi
done now you can add your secrets on ` then I can add source import on source "$LOCAL_EXPORTS" this way allows me to keep secrets stored in my local and prevent to push on the repo |
@OsirisFrik thank you for sharing your approach. I did something similar with my dotfiles: https://github.com/sanchezcarlosjr/dotfiles. However, I prefer to save tokens on GitHub rather than hide the files. The purpose of dotfiles is to track configuration, and since secrets are a kind of configuration, I decided to save them in the cloud. On the other hand, we can't entirely trust cloud providers, and secrets should not be public. Therefore, I created a private repository with encrypted files by CryFS. My dotfiles refer to an unencrypted location on my filesystem, which I mount when needed. Otherwise, the files remain encrypted, thanks to KDE's vault feature. |
I'm wondering how others publish their dotfiles when they might have secrets such as API keys, tokens, and so on. I'm employing CryFS, saving the encrypted data inside my repository, and mounting the secrets when I need them.
The text was updated successfully, but these errors were encountered: