Hacker News new | ask | show | jobs
by bastawhiz 2079 days ago
This still seems ridiculous. Why did I need to keep secrets in my repo to begin with? GAE, as far as I can tell, has been the only major PaaS that hasn't offered a solution for this. It's so easy to get wrong...it contradicts one of the biggest rules of version control: keep your secrets out of your repo.
1 comments
stickfigure 2077 days ago
There are a million ways to do it that don't require Google? Your CI system builds the production image, it can get secrets from anywhere.
link
bastawhiz 2077 days ago
My CI system arguably shouldn't have access to production secrets any more than my developers' macbooks.
link