I love GitHub, but just realized a potential mistake that put me into a panic until I’d verified that I hadn’t fallen prey to it yet.
Does your source code include passwords, keys, or other information in plain text that you wouldn’t like anyone to see?
Does your application include a web.config-type file containing such information that is secure when loaded onto a web server, but might be included in your git repository?
Remember, kids! Anything you include in a public GitHub repo is just that – public.
You’ve got a few tools to mitigate this issue:
- Use your .gitignore file
- Add a hook to your git repos to remove sensitive data
- Use your framework’s best practices to mitigate these issues (and improve application security).
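
One way to combine the first two items, as an added example that is not from the original post: a pre-commit hook that refuses the commit (rather than rewriting it) when a staged path belongs in .gitignore or a staged line looks like a hard-coded credential. The file names and patterns are assumptions to tune per project, and the line match is a heuristic that will produce some false positives.

```shell
#!/bin/sh
# Added example: save as .git/hooks/pre-commit and make it executable.
# The file names and patterns below are assumptions, not a complete list.

# Paths that belong in .gitignore, never in the index.
BLOCKED_FILES='(^|/)(web\.config|\.env|id_rsa)$|\.(pem|pfx)$'
# Added lines that assign a literal value to a secret-looking name.
SECRET_LINE="(password|passwd|pwd|secret|api[_-]?key|token)[\"']?[[:space:]]*[:=][[:space:]]*[\"']?[^[:space:]\"']{4,}"

# check_paths: reads file paths on stdin and prints the blocked ones.
# Returns 1 if any path matched, 0 otherwise.
check_paths() {
    if grep -Ei "$BLOCKED_FILES"; then return 1; fi
    return 0
}

# check_diff: reads a unified diff on stdin and prints added lines that
# look like hard-coded credentials ("+++" file headers are skipped).
# Returns 1 if any line matched, 0 otherwise.
check_diff() {
    if grep -E '^\+[^+]' | grep -Ei "$SECRET_LINE"; then return 1; fi
    return 0
}

# Run the checks only when installed as the hook, so the functions can
# also be sourced and exercised on their own.
case "$0" in
*pre-commit)
    status=0
    git diff --cached --name-only --diff-filter=ACMR | check_paths || status=1
    git diff --cached -U0 | check_diff || status=1
    if [ "$status" -ne 0 ]; then
        echo "Commit blocked: remove the items above or add them to .gitignore." >&2
        exit 1
    fi
    ;;
esac
```

The hook only sees what is staged now; it does nothing about secrets already present in earlier commits.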
Thankfully, I realized this before I’d made any missteps, but still. GitHub is a fantastic community and a fantastic tool; just make sure that any source code you share doesn’t contain anything that you wouldn’t want others to see.