I have a PHP project on Google AppEngine which has grown popular among engineers in my community and I will like to open source it on GitHub so everyone can give a hand.
The main problem is that the code contains API keys which I want to keep secret but I don't want to remove it from the code so that people can test the code they write for the app before they commit, and I also want to be able to deploy the code directly from GitHub to GAE.
Is there anyway I can keep this API keys/passwords secret without removing them from the code?
In other words how do big companies like Facebook keep their DB passwords safe? So that not every engineer in Facebook can see the DB password in the code?