Skip to main content
Software Engineering

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

Required fields*

6
  • 3
    -1 HIGHLY DISAGREE with your statement about configuration files not belonging in source control. Perhaps developer specific configuration files yes, however environment specific configuration files are necessary if you want the ability for a one-step build and deploy of any environment. Commented Nov 18, 2011 at 16:07
  • 2
    @maple_shaft In the context of the question (drupal project or gereric CMS web project) "one-step build and deploy of any environment" is a highly unlikely scenario (will you put production database credentials in with everything?). I'm answering to the question, not providing general guidelines on what should be put under version control. - But your downvote is welcome :) Commented Nov 18, 2011 at 16:11
  • I can see in situations where the source code repository is public, as in open source or where security is an extreme concern like in financial institutions that database credentials do not belong in source control. Beyond that source control should be password protected and limited to a certain set of users, so database credentials in source control should not be a primary concern in that scenario. That you pointed that out to me the downvote does seem harsh, if you edit your answer I can remove it. Commented Nov 18, 2011 at 16:23
  • @maple_shaft Don't worry about the downvote (I've edited the question, but feel free to leave it if you want). As for password protected version control: We recently had to deal with a situation where a laptop was stolen from a member of our management team, that contained the password to our version control system (which at the time had our S3 credentials in). It was a big snafu from his part (laptop wasn't password protected, and a few other details I can't really disclose) but still it's something that can happen to everyone. Building from that experience we moved everything out of vcs. Commented Nov 18, 2011 at 16:34
  • @maple_shaft and although it may seem like I'm advocating paranoia, we now go to the extreme to protect anything related to credentials from similar snafus. Commented Nov 18, 2011 at 16:35