this post was submitted on 12 Jul 2024
368 points (97.4% liked)
Programmer Humor
19548 readers
1182 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If I had a dollar for every API key inside a config.json…
Here's the thing, config.json should have been on the project's .gitignore.
Not exactly because of credentials. But, how do you change it to test with different settings?
For a lot of my projects, there is a config-.json that is selected at startup based the environment.
Nothing secure in those, however.
When it's really messy, we:
I actually do have a dollar for every API key I or my team have committed inside a config file.
And...I'm doing pretty well.
Also, I've built some close friendships with our Cybersecurity team.
Can I have a dollar for every public S3 bucket?
Might just make enough to pay your AWS bill this month.