This document is a work-in-progress that is being updated as we put more code in the open.
Principles for services in the open
- Anyone should be able to clone service code from GitHub and run that service locally in order to develop on it. All tests should pass, and integration tests should use fake/mock versions of dependent services.
- Open services should contain the absolute minimum amount of configuration to achieve principle 1. Extra configuration needed for the service to run on the platform with other services will be private.
Working with sensitive strings such as passwords, internal URLs and API keys
The general principle is that code should be written in a way that precludes sensitive strings from being added to the code for any reason in the first place.
- Services will have sensitive strings injected upon deployment; it is not necessary for the code repository to contain any sensitive strings.
- Scripts and stand-alone apps obtain sensitive strings by reading them from a file outside of the project. The typical convention for this is to add a hidden ‘dot’ directory in the user’s home directory and one or more files inside it that contain the credentials. An example of this in our releaser app
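One way a script can follow the dot-directory convention described above, as an added example that is not code from the releaser app or any of our services. The file name `credentials`, the `KEY=VALUE` format, the function name `load_credentials` and its parameters are assumptions made for illustration.

```python
import os
import stat
from pathlib import Path


class CredentialsError(Exception):
    """Raised when the credentials file is missing, unsafe or incomplete."""


def load_credentials(app_name, required_keys, home=None, project_root=None):
    """Read KEY=VALUE pairs from <home>/.<app_name>/credentials (assumed layout)."""
    home = Path(home) if home else Path.home()
    path = (home / f".{app_name}" / "credentials").resolve()

    # The file must live outside the project tree so it can never be committed.
    if project_root is not None:
        root = Path(project_root).resolve()
        if path == root or root in path.parents:
            raise CredentialsError(f"{path} is inside the project tree")

    if not path.is_file():
        raise CredentialsError(f"{path} not found")

    # Refuse files that group or other users can read or write (POSIX only).
    if os.name == "posix":
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialsError(f"{path} has mode {mode:o}; expected 600")

    creds = {}
    for line in path.read_text(encoding="utf-8").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        key, sep, value = line.partition("=")  # split on the first '=' only
        if not sep:
            raise CredentialsError(f"malformed line in {path}")
        creds[key.strip()] = value.strip()

    missing = [k for k in required_keys if k not in creds]
    if missing:
        # Report key names only, never values.
        raise CredentialsError(f"missing keys: {', '.join(missing)}")
    return creds
```

Error messages name the file and the missing keys but never echo a value, so a failed run does not leak credentials into logs or CI output.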