Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do you handle sensitive data in a public git repo?

Tags:

How do you handle sensitive data like secret API keys, hash salts when you keep your code in a public git repo?

Obviously keeping the sensitive data in the code will compromise it.

Another solution is to not hardcode the secret info in the code, but store it in a stand-alone file and gitignore the file. This has the disadvantage that when someone pulls your code for the first time the secret information will be missing and it won't run out of the box. This can be accounted for by writing a "initialize if missing" routine in the code, but then you're letting the git system slip into your code, which is IMO not a good thing.

And another solution is making a "default" secret information file, commit it at the start of the project and then use your own information without committing it. But this may make git complain that you have un-commited changes when you pull.

So what is the common way to handle this?

like image 583
orlp Avatar asked Mar 04 '12 15:03

orlp


People also ask

Are GitHub repositories case sensitive?

Git was built originally to be the Linux kernel's version control system, so unsurprisingly, it's case-sensitive. While many of the issues with a case-insensitive OS have been addressed in Git for Windows, a few quirks remain.

Does .git contain sensitive information?

It's usually not super sensitive information, but one might want to think twice about whether it's a good idea to sent that to somebody else. As an alternative, I'd suggest to clone the repo into a new directory, alter the settings you wanted to preserve and send that new repo instead.


1 Answers

Try to use .gitattributes for path with configured encryption/decryption filter:

*secure.yml filter=crypt 

And in the .git/config add the configuration for crypt filter:

[filter "crypt"]     clean = openssl enc ...     smudge = openssl enc -d ...     required 
like image 88
lisachenko Avatar answered Oct 05 '22 23:10

lisachenko