craftcms/craft

Best practices for `license.key` in terms of `.gitignore`?

khalwat opened this issue · 3 comments

According to More Information than You Require About Craft License Keys:

> Don’t give anyone access to the license.key file that you don’t trust or owe money to! Remember that everyone that has access to the license key can easily transfer it to a new domain.

That being the case, what are the best practices in terms of checking license.key into your git repository?

Obviously public would be a bad idea, but private seems on par with checking in your passwords or access tokens?

The .gitignore file for this starter repo doesn't specifically exclude license.key so I figured I'd ask...

Most Craft projects aren’t published to public repos, so generally not a major concern. And we need to update that article a bit – now with Craft ID, if you’ve claimed a Craft license there you don’t have anything to worry about, even if the license key becomes public.

^ that's what I was assuming @brandonkelly -- thanks for the clarification!

Came across this trying out Craft 4, wanted to publish some example repositories publicly on GitHub as well for DDEV + Gitpod.

Is there a recent guide on how to approach this? Move license key to .env or just gitignore it?

Couldn't find info in this KB: Licensing & Editions Articles. Only this paragraph:

> Don’t give anyone access to the license.key file that you don’t trust or owe money to! Remember that everyone that has access to the license key can easily transfer it to a new domain.
https://craftcms.com/knowledge-base/more-information-than-you-require-about-craft-license-keys

Thanks in advance!