Generate and Verify Your Commits With GPG in GitHub

Why should you do it? “Using GPG, you can sign and verify tags and commits. With GPG keys, tags or commits that you’ve authored on GitHub are verified and other people can trust that the changes you’ve made really were made by you.” About GPG | Github Signing our commits is a great way to verify your commits and let your collaborators know that they can trust that you committed those changes in your project....

August 6, 2018 · 5 min · Franccesco Orozco

How to Securely Store Sensitive Configuration With Dotenv

TL;DR: Environment Variables API keys are one example of sensitive information that should remain secret, the problem is that we need to use them in our code to access third-party services like Twitter, Github, DigitalOcean and so on, so how do we manage to use those API keys without hard-coding them into the source code? The twelve-factor app stores config in environment variables (often shortened to env vars or env)....

February 28, 2018 · 4 min · Franccesco Orozco