Password in application and version control

Hi All,

I was wondering how some of you handle passwords and source control. For example, if you have an application that connects to a database, you have to have some kind of connection to even hit the password tables to validate the user, which means a stored user ID and password are needed in the first place.
I typically store that in a settings file that I explicitly exclude from source control.

Anyone else doing it differently? Is there a better way?


We use .pgpass with our middleware app connecting to a Postgres database.
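
For the `.pgpass` approach mentioned above, an added example (not code from anyone in this thread) of the lookup as libpq documents it: `host:port:database:user:password` lines, `*` wildcards, backslash escapes, and the Unix rule that a file accessible to group or others is ignored. The function names are hypothetical, the hosts, accounts and passwords are constructed, and a Unix host is assumed.

```python
import os, stat, tempfile

# Constructed sample entries (host:port:database:user:password), not real credentials.
SAMPLE = ("# app service accounts\n"
          "db.example.internal:5432:orders:app_user:s3cr\\:et\n"
          "*:*:*:report_ro:fallback-pw\n")

def split_fields(line):
    """Split on ':' while honouring the backslash escapes for ':' and '\\'."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))      # escaped character is taken literally
        elif ch == ":":
            fields, cur = fields + ["".join(cur)], []
        else:
            cur.append(ch)
    return fields + ["".join(cur)]

def permissions_ok(path):
    """Mirror libpq on Unix: refuse the file if group or others have any access."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and not mode & (stat.S_IRWXG | stat.S_IRWXO)

def lookup_password(path, host, port, dbname, user):
    """Return the password from the first matching line, or None."""
    if not permissions_ok(path):
        return None
    wanted = (host, str(port), dbname, user)
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            fields = split_fields(line.rstrip("\n"))
            if line.startswith("#") or len(fields) != 5:
                continue                     # comment or malformed line
            if all(f in ("*", w) for f, w in zip(fields, wanted)):
                return fields[4]
    return None

def demo():  # constructed round trip: exact match, wildcard line, then loose mode
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pgpass")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o600)
        strict = lookup_password(path, "db.example.internal", 5432, "orders", "app_user")
        wild = lookup_password(path, "other-host", 5433, "sales", "report_ro")
        os.chmod(path, 0o644)                # group/world readable: file is refused
        loose = lookup_password(path, "db.example.internal", 5432, "orders", "app_user")
    return strict, wild, loose
```

The same permission check applies to any settings file kept outside the repository: refusing to read a credential file that other accounts can access catches a bad deployment before the password is used.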

Hi Kem,

That is a great option for PostgreSQL databases. Sadly, that is not the only one I have to connect with, and not all databases have an equivalent function. 🙂


The other place we put info we want excluded from the repo is in an encrypted file in a known location like Application Data. The encryption key for that file is stored in the app but obfuscated. To be of any use, someone would need access to the source code (or decompile the app) and the file system. But then, if they have all that anyway, they have already gotten in.

That would work nicely.