Hiding sensitive Jekyll data from public repositories

March 20, 2016
jekyll api credentials security

If you’re hosting your Jekyll config file on a public repository, you probably don’t want to share API credentials with others. Here is a quick guide that ill teach you how to hide some of your Jekyll configuration.

If you plan on using Jekyll plugins such as Twitter or AlgoliaSearch, you want to avoid publishing your API tokens to the world.

So I did some research and found out that you can actually tell Jekyll to use multiple config files. It became obvious that I could simple create YAML config file that I wouldn’t track in Git. Let’s call this config file _secret.yml for the sake of this tutorial.

  1. Open your .gitignore and add _secret.yml
  2. Create a file called _secret.yml in your root folder
  3. Stores all your API tokens in it
  4. Run this jekyll s -c _config.yml,_secret.yml
  5. That’s it! You secret data is safe and won’t be push to your public repository.

Share your strategy to protect your API credentials.

comments powered by Disqus
Want a beautiful and engaging website for your business? Check out YOSA Digital×