by suprememoocow 3271 days ago
Andrew, co-founder of Gitter here.

Removing secrets was a lot of work - more than I expected - while we open-sourced the product.

I agree with your sentiment though. Handling secrets in a codebase is not something that is currently easy or standardised.

As an aside, BFG Repo Cleaner really helped a lot with cleaning things up: https://rtyley.github.io/bfg-repo-cleaner/

2 comments

It's been my impression that the standard (promoted by services like Heroku and Travis) is to pass secrets as environment variables.
Fair enough: this is exactly what we've moved to on Gitter since open-sourcing the product.
I quite like git-crypt for secrets, I store them in a single place (e.g. as environment variables) and encrypt that.