Any time you have files with sensitive data, like config.yml, you MUST NOT commit them to your repository. I’ll show you an example.

Suppose you have a yaml file with some username and password:

# app/config/credentials.yml
credentials:
    username: foo
    password: bar

If you want to hide the foo and bar values, remove this file from your repository and add a distribution file that keeps the username and password fields but contains no real values:

# app/config/credentials.yml.dist
credentials:
    username: ~
    password: ~

During installation you can get this file by copying app/config/credentials.yml.dist to app/config/credentials.yml.

Also, remember to add app/config/credentials.yml to your .gitignore file.
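The install and .gitignore steps above can be scripted and checked. The following is an added example, not part of the original text: the two paths are the ones used on this page, while the function names (`install_credentials`, `ignore_credentials`, `check_credentials`) are hypothetical, and the script is assumed to run from the repository root.

```shell
#!/bin/sh
# Added example for the .dist pattern; function names are hypothetical.
CRED=app/config/credentials.yml
DIST=app/config/credentials.yml.dist

# Create the real file from the template, never overwriting existing secrets.
install_credentials() {
    [ -f "$DIST" ] || { echo "missing $DIST" >&2; return 1; }
    if [ ! -e "$CRED" ]; then
        # umask 077 makes the copy owner-only, since it will hold real values.
        (umask 077 && cp "$DIST" "$CRED")
    fi
}

# List the real file in .gitignore (exact line match, safe to run repeatedly).
ignore_credentials() {
    touch .gitignore
    grep -qxF "$CRED" .gitignore || printf '%s\n' "$CRED" >> .gitignore
}

# Return 0 only if the real file is ignored and not tracked by git.
check_credentials() {
    grep -qxF "$CRED" .gitignore 2>/dev/null || {
        echo "$CRED is not listed in .gitignore" >&2
        return 1
    }
    # The tracked-file check only runs when git and a repository are present.
    if command -v git >/dev/null 2>&1 && git rev-parse --git-dir >/dev/null 2>&1; then
        # .gitignore has no effect on a file that is already tracked.
        if git ls-files --error-unmatch -- "$CRED" >/dev/null 2>&1; then
            echo "$CRED is still tracked; run: git rm --cached $CRED" >&2
            return 1
        fi
    fi
    return 0
}
```

If `check_credentials` reports the file as tracked, the values committed earlier are still in the repository history, so untracking the file does not make them secret again.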

It's the same with API keys:

# app/config/config.yml
config:
    credentials:
        username: foo
        password: bar
    api_stuffs:
        api_foo: fooooo
        api_secret: baaaaar
        api_token: tooooken

This works well for configuration files, and it is a good pattern whenever you need to share the structure of a configuration but not its sensitive data: init files, configurations and so on.