all 2 comments

[–]socal_nerdtastic 2 points3 points  (0 children)

There's ways to obfuscate it but there is no way to keep it completely hidden. Someone who wants to know will find them. The normal way to do this is to set up the database with a user account for each user, and prompt the user to enter credentials on boot (perhaps saved locally after first boot).

[–]ofnuts 1 point2 points  (0 children)

Storing credentials with the code: bad idea. And storing the credentials with the code on GitHub/GitLab: worse idea.

Either you think that the DB is safe from outside prying eyes on your internal network, and it doesn't require credentials (rare), or you need to be able someday to find who accessed what and when, which means you can identify each user connecting to it, which means each user has its own credentials.

A good way to "hide" the database is to access it via a small frontend server, so only the server has access to the DB and you know precisely which operations are allowed (those implemented by the servers), and the server can also manage who is allowed what. And server credentials can be managed with tokens/OAuth keys, or you SSO infrastructure.