Password-store git repository inference using symlinks

[Allan Odgaard]

On 20 Feb 2021, at 15:56, chemmi at posteo.org wrote:

> I want to store secret data from a git-project in that project 
> repository and want to link it in my password-store.
> […]
> Or does anyone here has a hint how I can approach the issue 
> differently?

I wonder why you think the secret data belongs in your project.

As I see it, secret data depends on the environment, for example, a web 
project may run in a virtual machine, a staging environment, or 
production. For these 3 environments, the secret data will differ.

Or you could have a project where deployment builds are signed and 
uploaded to a server, but again, if someone else clones this project, 
they should not sign releases with my signing key or upload them to my 
server with my credientials, so I make sure these things are not part of 
the project.

I know this is not helpful to actually solving your problem, but I would 
suggest reconsidering how you manage your secret data.

Even for private projects that are only for myself, I think it is still 
good to treat them as they would be public, and remove anything 
“hardcoded” such as API keys, passwords, etc.