Hello, exposing the code on GitHub would be disastrous. I've seen both well-known clients and people I personally know make this error. Here are the recommendations I give to avoid this potential:
1. Yes, please add config.yaml (or however you choose to store config) to your gitignore.

2. *Important:* make sure you have removed this file from previous git history. See git-filter-branch for tips on how to reengineer your git history. Hint: It's a lot easier to rewrite the history before you push publicly than afterwards. More information: https://help.github.com/articles/remove-sensitive-data

3. Use passwords and tokens that have minimal privileges for the application at hand, just in case something was exposed. For example, your AWS key is the key to your Amazon kingdom. Try to use an IAM role instead of an AWS key when supported by external libraries. This is of course a basic principle of security called "least privilege."

4. A final tip: Create a "config.yaml-sample" file with the keys removed, so that a cloner can easily try out your repository by copying the file and filling in the blanks. It's frustrating when you have to go noodling around inside of the documentation to figure out how exactly you need to set up the configuration settings.

--
Job Board: http://jobs.nodejs.org/
Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
You received this message because you are subscribed to the Google Groups "nodejs" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [email protected]
For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
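Tip 4 above, as an added example that is not part of the original post: a small Node.js function that derives a config.yaml-sample from config.yaml by blanking every value while keeping keys and structure. The names `makeSample` and `CONSTRUCTED_CONFIG` and the sample credentials are assumptions made up for illustration.

```javascript
// Added example: build config.yaml-sample by blanking every value in config.yaml.
// Covers the simple YAML subset common in app config (nested maps, scalars,
// lists, block scalars, comments); it is not a full YAML parser.
const KEY = /^(\s*(?:-\s+)?)([^\s:#][^:#]*?):(?:\s+(.*))?$/;
const ITEM = /^(\s*-\s+)\S/;

function makeSample(yamlText) {
  const out = [];
  let blockIndent = -1; // indent of a "key: |" line whose body is being skipped
  for (const line of yamlText.split('\n')) {
    const indent = line.search(/\S/);
    if (blockIndent >= 0) {
      if (indent === -1 || indent > blockIndent) continue; // block scalar body
      blockIndent = -1;
    }
    // Blank lines and full-line comments are kept; review comments by hand.
    if (indent === -1 || line[indent] === '#') { out.push(line); continue; }
    const key = KEY.exec(line);
    if (key) {
      const value = (key[3] || '').replace(/(^|\s+)#.*$/, '').trim();
      if (/^[|>]/.test(value)) blockIndent = indent;
      // "key:" with no value opens a nested map; anything else is blanked.
      out.push(`${key[1]}${key[2]}:${value === '' ? '' : ' ""'}`);
      continue;
    }
    const item = ITEM.exec(line);
    if (item) out.push(`${item[1]}""`);
    // Unrecognized lines are dropped rather than copied (fail closed).
  }
  return out.join('\n');
}

// Constructed input: every credential below is made up for this example.
const CONSTRUCTED_CONFIG = [
  '# App settings',
  'aws:',
  '  access_key_id: CONSTRUCTED-KEY-ID',
  '  secret_access_key: "constructed/secret+value"  # rotate quarterly',
  'webhooks:',
  '  - https://hooks.example.invalid/T000/abc',
  '  - name: backup',
  '    token: constructed-token',
  'tls_key: |',
  '  -----BEGIN PRIVATE KEY-----',
  '  Q09OU1RSVUNURUQ=',
  '  -----END PRIVATE KEY-----',
  'port: 8080',
].join('\n');

console.log(makeSample(CONSTRUCTED_CONFIG));
```

Inline comments are dropped along with the value they follow, and full-line comments are copied as-is, so check them for commented-out credentials before committing the sample.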
