How to push code to Github hiding the API keys?

Sreeram TP picture Sreeram TP · Jun 3, 2017 · Viewed 29.9k times · Source

I want to push some codes to my GitHub Repository. These codes are in different languages like Javascript, Java, Python etc. Some of those codes contain some private API key that I don't want to publish.

Is there any way to hide the keys automatically.? Should I remove it from my code manually.?

There are many projects that I want to push to GitHub. So, manual removal is not a good option.

Answer

Przemysław Zalewski picture Przemysław Zalewski · Jun 3, 2017

You should consider using .env files and read the keys from the environmental variables. How to do so depends on the language and tools you use (for node.js, php, etc.).

You can exclude .env file from commits by adding .env to the .gitignore. You can also upload an example configuration .env.example with dummy data or blanks to show the schema your application requires.