Tech Tip: Securing secrets in a project that is using Git
PRODUCT: 4D | VERSION: 20 | PLATFORM: Mac & Win
Published On: October 1, 2025
When working in a project that uses Git version control, it is important to be diligent with sensitive information such as database credentials, SSH keys, or API secrets. Never hardcode any secrets in methods, classes, forms, etc. Instead, the secrets should be stored in a separate, untracked file. Then, a method can be used to extract the information from that file. For example, in a project that uses 4D Netkit to send emails via the Gmail server, the Google server must be provided with the client ID and secret upon sign-in. The client ID and secret can be stored in a file called "oauth2.json", like this:

{
   "client_id":"9999-a1b2c3d45678.apps.googleusercontent.com",
   "client_secret":"ABCDEF-GhIjKL"
}

The above file would only be stored locally and never be tracked by Git because it would always be listed in the .gitignore file.
Then, a method called "getOAuth2Info" can be created to extract the JSON object from the file, like this:
#DECLARE()->$info : Object

// Path to the untracked secrets file (use a full path name in practice)
$file:="oauth2.json"

// Only read the file if it exists; otherwise $info stays Null
If (Test path name($file)=Is a document)
   $text:=Document to text($file)
   $info:=JSON Parse($text)
End if

Finally, in the method that performs the Google sign-in, the above method can be called to provide the secrets, like this:

// ...
// Load the secrets from the untracked file (Null if the file is missing)
$oauthInfo:=getOAuth2Info
If ($oauthInfo#Null)
   $param.clientId:=$oauthInfo.client_id
   $param.clientSecret:=$oauthInfo.client_secret
End if
// ...

This way, the secrets can be accessed securely and are always kept out of public reach. When collaborating developers need the latest secrets for their own local repository, the file should be transferred offline or via another secure method.

If any files containing secrets are inadvertently uploaded to a remote repository, removing the files is generally not enough to prevent security compromise, because those files can still be viewed in Git history. The secrets should be wiped from the version history, as well as revoked and rotated.
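As an added example that is not part of this tech tip, the POSIX shell check below verifies the three conditions the tip relies on for a secrets file such as oauth2.json: it is not tracked, it is matched by .gitignore, and it has never been committed on any branch. The throwaway repository it builds is a constructed sample, not a real project.

```shell
#!/bin/sh
# Added example, not from the 4D tech tip: verify that a secrets file is
# untracked, ignored, and absent from the repository's history.
# Usage: check_secret_file <repo_dir> <path_relative_to_repo>
# Prints one verdict word and returns 0 only if all three checks pass.
check_secret_file() {
    repo="$1"; secret="$2"
    # 1. Is the path currently tracked in the index? (check-ignore ignores
    #    tracked files, so this must come first)
    if git -C "$repo" ls-files --error-unmatch -- "$secret" >/dev/null 2>&1; then
        echo "TRACKED"; return 1
    fi
    # 2. Is the path matched by .gitignore (or other exclude rules)?
    if ! git -C "$repo" check-ignore -q -- "$secret"; then
        echo "NOT_IGNORED"; return 1
    fi
    # 3. Has the path ever been committed on any branch? Removing the file
    #    later does not clear this; the secret must be rotated as well.
    if [ -n "$(git -C "$repo" log --all --format=%H -- "$secret")" ]; then
        echo "IN_HISTORY"; return 1
    fi
    echo "OK"; return 0
}

# Build a throwaway repository (constructed sample) to exercise the check
# offline: .gitignore lists oauth2.json and only .gitignore is committed.
make_demo_repo() {
    dir=$(mktemp -d)
    git -C "$dir" init -q
    git -C "$dir" config user.email demo@example.invalid
    git -C "$dir" config user.name demo
    printf 'oauth2.json\n' > "$dir/.gitignore"
    printf '{"client_id":"demo","client_secret":"demo"}\n' > "$dir/oauth2.json"
    git -C "$dir" add .gitignore
    git -C "$dir" commit -q -m "ignore local secrets file"
    echo "$dir"
}
```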