I'm trying to use git in a way that keeps some subdirectories in a project secret/hidden from "untrusted" users, but visible to other "trusted" users. Note that this is not just write protection; the untrusted users can't be allowed to read the secret files either. I'd like the user experience to be as if it was a single git repo, rather than something like submodules.
I'll tell you my only idea so far, in case that spurs some discussion or criticism. I'm considering having two parallel repos behind the scenes on the server. Trusted users clone/pull/push the trusted repo. Untrusted users clone/pull/push the untrusted repo. When a commit is made to the trusted repo, it is filtered to remove secret content before being applied to the untrusted repo. Going the other direction, commits to the untrusted repo are filtered to avoid clobbering secret content before being applied to the trusted repo.
How should I accomplish this goal? Is my proposed solution crazy?
Yes, it's possible and a regular demand.
To do that, you should split your repo into several different repos, and use git submodule to combine them into a single repo. Then you close read permission on the secret repo to untrusted users.
For example, my home config is a public repo on GitHub: https://github.com/perfectworks/home. You can find a private directory in there which is a submodule pointing to another private git repo. Untrusted users can't get anything under this directory unless I give them the right.
You can find more about git submodule here: http://git-scm.com/book/ch6-6.html.
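The layout this answer describes, as an added example that is not part of the original answer: two local directories stand in for the server-hosted repos, and the script checks that a clone of the public repo carries none of the secret repo's objects. All names (`secret`, `public`, `untrusted`, `keys.txt`) are constructed, and real read protection comes from the server's permissions on the secret repo, which this local demo only simulates by never cloning the submodule.

```shell
#!/bin/sh
# Added example: every path and value below is constructed for the demo.
set -e

# Run git with a throwaway identity; file-transport submodule clones are
# allowed only because both demo repos are local directories.
demo_git() {
    git -c user.name=demo -c user.email=demo@example.invalid \
        -c init.defaultBranch=main -c protocol.file.allow=always "$@"
}

build_demo() {   # $1 = empty scratch directory (absolute path)
    # "secret" repo: on a real server only trusted users may read it.
    demo_git init -q "$1/secret"
    echo "api_key=constructed-sample" > "$1/secret/keys.txt"
    demo_git -C "$1/secret" add keys.txt
    demo_git -C "$1/secret" commit -q -m "secret content"
    # Public superproject that mounts the secret repo at private/.
    demo_git init -q "$1/public"
    echo "public file" > "$1/public/README"
    demo_git -C "$1/public" add README
    demo_git -C "$1/public" submodule --quiet add "$1/secret" private
    demo_git -C "$1/public" commit -q -m "add private submodule"
    # Untrusted user: plain clone, no access to the submodule's repo.
    demo_git clone -q "$1/public" "$1/untrusted"
}

# Succeeds (exit 0) only if the untrusted clone holds the secret blob.
leaks_secret_blob() {
    blob=$(demo_git -C "$1/secret" rev-parse HEAD:keys.txt)
    demo_git -C "$1/untrusted" cat-file -e "$blob" 2>/dev/null
}

# What untrusted users still learn: the pinned commit id and the repo URL.
exposed_metadata() {
    demo_git -C "$1/untrusted" ls-tree HEAD private
    demo_git -C "$1/untrusted" config -f .gitmodules submodule.private.url
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
build_demo "$work"
if leaks_secret_blob "$work"; then
    echo "secret blob is present in the untrusted clone"
else
    echo "secret blob is absent from the untrusted clone"
fi
exposed_metadata "$work"
```

The superproject stores only a gitlink (mode 160000) and the `.gitmodules` entry, so the directory name, the secret repo's URL and its pinned commit id remain visible to everyone who can read the public repo.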