Click on a file in Heroku that is not in my git repository.

Question

Click on a file in Heroku that is not in my git repository.

Problem:

I have passwords.py that I need to click on Heroku for my application to work, but I can’t pass it to the public git repository, because then someone can view my passwords.

Passwords are tokens / secert_key / other_api_keys so that my application can authenticate its requests to third-party apis. I store them in base64 encoding in passwords.py , but if I click on git encoded, it will be easy for anyone to see passwords using b64decode() .

How can I pull out my password file in Heroku without including it in my public git repository?

or

How can I safely store my passwords in my public git repository

What I tried:

git clicking a single file doesn't seem like a choice. Using any such method for encoding / decoding, passwords would give me a false sense of security. Any ideas on how to solve it? Thanks!

+4

git python heroku

agconti Jul 24 '13 at 16:57

source share

2 answers

Create a second branch containing the file. Do not track it in your public repository.

Whenever you need to click on a hero, reinstall this branch for control, and then click this branch on Heroku.

+1

alternative Jul 24 '13 at 16:59

source share

Rob wagner · Accepted Answer · 2013-07-24T16:59:17+0000

Use environment variables! You can access them from your python scripts, and heroku makes it easy to install them for your application.

There is some information about installing configuration vars in the hero.

Click on a file in Heroku that is not in my git repository.

Problem:

What I tried:

More articles: