blob: c838f8013dc91afe0d137065d60ebb7c3df3e166 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
Bootstrap secrets management in a project.
Problem: Secrets (e.g., passowrds, API keys) get accidentaly commited and are
leaked when a repository becomes public.
Solution:
secrets.sh.example defines variable names
secrets.sh defines secret values
run.sh sources secrets
.gitignore exclude secrets.sh
Rationale
=========
People are lazy. The less steps the better. So, `run.sh` should create
`secrets.sh` out of `secrets.sh.example`, and nd tell the user to modify it.
This flow is simple and portable. No unreliable dependencies like:
https://pypi.org/project/python-dotenv/ for the people that cannot use os.environ
https://www.npmjs.com/package/dotenv
People often use these tools because they don't know shell scripting. Here's a
quick reminder
```sh
foo=somevalue
./run # does not receive foo
foo=anothervalue ./run # passes foo only for ./run
export foo # mark variable for automatic export
export -n foo # remove export mark
unset foo # delete variable, alongside any marks
set | grep foo # check local variables
env | grep foo # check variables marked for automatic export to the environment of subsequently executed commands
# shell built-ins
help export
help unset
# external programs
man env
# Shell built-ins take precedence over any external program with the same name.
```
Just like the Internet, anything sensitive that git tracks is a pain to remove.
To remove it, the git history has to be rewritten. If others had cloned the
repository they'll need to re-clone it. And at that point, the commited secrets
are already compromised. See https://stackoverflow.com/questions/872565/remove-sensitive-files-and-their-commits-from-git-history
|