I’m a relative Github newbie. I’m developing a Python app which I’m holding in Github. Currently a private repo but will be public soon. The app holds config data in an ini file which includes various api credentials for the web services the app uses. I want to hold the ini file with the code in Github for ease of version control but need it to be encrypted. Not talking banking level encryption here - just want to avoid unauthorised people using my test web services credentials. What is the best/most transparent way of doing this? My devt environment is MS Visual Studio 2017. I’ve seen a number of plugins that enable encryption/decryption on the fly from VS2017 but don’t know how good/secure they are. Any recommendations?
We don’t recommend storing anything that you want to keep secret in a public GitHub repository, even in an encrypted form. There’s too much possibility for a slip-up exposing valuable credentials which can then cost you or your company a lot of money and time.
Additionally, credentials typically aren’t “versioned” alongside the code. For example, let’s say that your project has been being worked on for a couple years. Let’s also say that in that time, you’ve rotated the credentials a couple times. If you go back to an old version of the code and try to boot it up, you may be using an old, expired set of credentials. What you really want is the current set of credentials with the old code. So they really should be stored separately.
I hope that helps!