One does not commit or compile credentials
Context:
This meme was brought to you by the PyPI Director of Infrastructure who accidentally hardcoded credentials - which could have resulted in compromissing the entire core Python ecosystem.
You are viewing a single thread.
View all comments 88 points
If I had a dollar for every API key inside a config.json…
40 points
Here’s the thing, config.json should have been on the project’s .gitignore.
Not exactly because of credentials. But, how do you change it to test with different settings?
19 points
12 points
*
19 points
5 points
8 points
*