in reply to Passwords/passphrases in your Distributed Version Control System

I have the credentials either in the environment or a separate config file, and neither of them goes into source control.

Having the credentials in the environment has the drawback of making them "easily" available to other processes of that user and thus, potentially other processes on that machine.

Having the credentials in a separate config file (think .netrc) has the drawback of having them on file at all. The advantage is that you can explicitly exclude that credentials file from the main repository and potentially keep the credentials file in another, "highly secure" repository.

Re^2: Passwords/passphrases in your Distributed Version Control System
by erix (Prior) on Apr 01, 2019 at 09:49 UTC

    Having the credentials in the environment has the drawback of making them "easily" available to other processes of that user

    I set all test environment config in a dedicated test-xterm (with screen inside, so it can proliferate). Something like:

    export FOO=foo
    export BAR=bar
    export PATH=whatever/bin:$HOME/bleadperl/bin:$PATH
    export PGPASSFILE=$HOME/.someplace/.pfile
    xterm -wf -geometry 200x50 +sb -u8 -fg white -bg black -e "screen -Um +-t '${screen_title}'" &

    For instance, test database passwords (low value) would be in a file pointed at by one of the env vars (Postgres uses PGPASSFILE).
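
An added example, not part of either post above: a shell audit of the setup the thread describes, where the environment carries only a pointer such as PGPASSFILE and the secret itself sits in a file outside source control. The function names `check_credfile` and `inline_secret_vars` are hypothetical, and the variable-name pattern is a heuristic assumption.

```shell
#!/bin/sh
# Added example: audit an "env var points at a password file" setup.

# Succeeds only if $1 is a regular file with no group/other permission
# bits and is not tracked by git in the directory that contains it.
# (libpq ignores a Unix password file that group or world can access.)
check_credfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    # GNU stat first, BSD stat as fallback; both print the octal mode.
    perm=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f") || return 1
    if [ $(( 0$perm & 077 )) -ne 0 ]; then
        echo "too open ($perm): $f" >&2
        return 1
    fi
    # A tracked credentials file has already leaked into the repository.
    if command -v git >/dev/null 2>&1 &&
       git -C "$(dirname "$f")" ls-files --error-unmatch \
           "$(basename "$f")" >/dev/null 2>&1; then
        echo "tracked by git: $f" >&2
        return 1
    fi
    return 0
}

# Print the names (never the values) of environment variables that look
# like they carry a secret inline. Variables ending in FILE are pointers
# to a file, as with PGPASSFILE, so they are skipped.
inline_secret_vars() {
    env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' |
        grep -Ei 'pass|secret|token' |
        grep -Eiv 'file$' || true
}

# Typical use inside the dedicated test terminal:
#   check_credfile "$PGPASSFILE" && inline_secret_vars
```

Any name printed by `inline_secret_vars` (PGPASSWORD, for example) is a value that every child process of that shell inherits, which is the drawback the first post describes.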