Menu
How do you handle sensitive data like secret API keys, hash salts when you keep your code in a public git repo?
Obviously keeping the sensitive data in the code will compromise it.
Another solution is to not hardcode the secret info in the code, but store it in a stand-alone file and gitignore the file. This has the disadvantage that when someone pulls your code for the first time the secret information will be missing and it won't run out of the box. This can be accounted for by writing a "initialize if missing" routine in the code, but then you're letting the git system slip into your code, which is IMO not a good thing.
And another solution is making a "default" secret information file, commit it at the start of the project and then use your own information without committing it. But this may make git complain that you have un-commited changes when you pull.
So what is the common way to handle this?
583
Git was built originally to be the Linux kernel's version control system, so unsurprisingly, it's case-sensitive. While many of the issues with a case-insensitive OS have been addressed in Git for Windows, a few quirks remain.
It's usually not super sensitive information, but one might want to think twice about whether it's a good idea to sent that to somebody else. As an alternative, I'd suggest to clone the repo into a new directory, alter the settings you wanted to preserve and send that new repo instead.
Try to use .gitattributes for path with configured encryption/decryption filter:
*secure.yml filter=crypt And in the .git/config add the configuration for crypt filter:
[filter "crypt"] clean = openssl enc ... smudge = openssl enc -d ... required If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
