Goal - Keep Google client ID and secret out of the code and out of GitHub. Description - The project uses Google login. That requires private values that should not be committed into source control. Why this matters - Secrets exposed in code can be abused. We need a safe way to store and load them when the app runs on EC2. - What to do - Decide how secrets will be stored - Use environment variables for local and EC2 runs - Avoid hard-coding private values in files - Document where the secrets belong
Goal
Keep Google client ID and secret out of the code and out of GitHub.
Description
The project uses Google login. That requires private values that should not be committed into source control.
Why this matters