suprememoocow | 8 years ago

Andrew, co-founder of Gitter here.

Removing secrets was a lot of work - more than I expected - while we open-sourced the product.

I agree with your sentiment though. Handling secrets in a codebase is not something that is currently easy or standardised.

As an aside, BFG Repo Cleaner really helped a lot with cleaning things up: https://rtyley.github.io/bfg-repo-cleaner/

kobeya|8 years ago

It's been my impression that the standard (promoted by services like Heroku and Travis) is to pass secrets as environment variables.

suprememoocow|8 years ago

Fair enough: this is exactly what we've moved to on Gitter since open-sourcing the product.

StavrosK|8 years ago

I quite like git-crypt for secrets; I store them in a single place (e.g. as environment variables) and encrypt that.