Ask HN: What do you use to encrypt source code?

1 points by epynonymous ↗ HN
in the past, source code's been mostly kept in private source code management (scm) servers, for the most part access could be controlled. nowadays more and more projects are turning to hosted scm services like github and bitbucket. i personally use bitbucket myself and find them to be quite trustworthy and safe, but what, if anything, are folks using to secure sensitive parts of their source code? for example, if i have authentication logic somewhere in my source code that if somehow exposed to a hacker or a misguided employee would lead to millions of customer accounts being potentially compromised.

i have thought about encrypting sensitive source files before checking in, but then you really lose the ability to track changes, which is really one of the reasons why i'm using scm in the first place. any ideas out there? perhaps the best thing to do is to keep a private repository? i also use config files, but need to encrypt the keys inside of the files so it becomes somewhat of a chicken and an egg problem.

2 comments

[ 5.0 ms ] story [ 16.9 ms ] thread
Yep, if you don't trust hosted SCM services, just don't use them.
i was looking for a more elegant solution, but your response does make sense.

i doubt facebook uses github or bitbucket for their proprietary source.

from the legal side of things, i'm sure there are provisions for such abuses or leaks of information from service providers, but that's rather difficult and i'd rather not go that route.

but what do you do for a large project where internal parties could be culprits? facebook and google have fired employees for inappropriate meddling of classified information. the problem is not necessarily just at the service provider level.