I have an Eclipse project wired up to Google App Engine through the Google Eclipse plugin. I want to open source the project, but am concerned that there might be some GAE authentication information in the source tree somewhere that I'm not aware of (perhaps a password or a private key).
Can anyone confirm that the Google Eclipse plugin stores authentication information outside the source tree?
Wouldn't it be simpler to use a separate Eclipse project for the public part of your code? Then you could either copy over the code that you want to publish manually, or selectively pull it from your version control system.
This way you would be certain that no authorization tokens remain, rather than rely on the behavior of a third-party plugin that might or might not change in the future...
EDIT:
From my experience, Eclipse stores project-specific information in the project directory. If you really insist of finding out where the authentication information is stored, you could try the following exercise:
Either commit your whole project to a version control system, or just keep a copy of the project directory.
Change the authentication information e.g. your GAE account password.
Compare the resulting project directory with the previous version/backup and check for any differences.
Even if you find that the authentication information is kept elsewhere, however, I'd still recommend using two separate projects. You should not rely on undocumented behavior for security and you might also find the separation useful if, for example, you want to keep your release and development branches separate in the future.
