You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 14, 2022. It is now read-only.
Probably putting the passwords in CI environment variables. Or removing the env files with passwords from git, and copying them by hand at deployment.
But if you are using a CI/CD system like GitLab, Travis, Drone, Jenkins, etc. you can probably set the passwords as environment variables of the deployment in a way that is private to the account handling the CI/CD, even if it's connected to a public repo.
Also, you can pass environment variables directly in Docker Compose, using environment, you don't have to use the environment files (if you don't want to).
And in the Docker Compose, the value of the environment variables, can be also read by Docker Compose itself from environment variables. That way you could pass them to your app through Docker, without ever having them written to disk.
What would be the best practice for securing passwords on deploying from a public repository?
The text was updated successfully, but these errors were encountered: