Where developers come to connect, share, build and be inspired.

22

Prevent sensitive data & credentials being committed

2810 views

I've had to add sensitive data (database connection details, API keys etc) to files that can't be added to .gitignore many times. I do this by committing the file with variable placeholders...

$secret = 'XXXXXXXXXX';

...then use the following command to ignore my future changes:

git update-index --assume-unchanged /path/to/file

If I need to make a change to this file in the future, I can remove my credentials, use placeholders as above, and issue the following command to have changes tracked again:

git update-index --no-assume-unchanged /path/to/file

Comments

  • Photo_on_08.01.2013_at_04.15
    sheerun

    It's only time when someone someone forgets assume-unchanged and commits his passwords. It should be probably used with some sort of init script or git's smudge and clean filters.

    *.example files are the safest option I know so far.

  • Blank-mugshot
    langpavel

    Also .gitignore + *.example files are better for contributors. Lot of people do not know about --assume-unchanged.

    But perfect for private repos! Thanks!

  • Blank-mugshot
    jorgeguberte

    I bashed my head the whole day yesterday between .gitignore and .gitattributes, only to find --assume-unchaged here. Thank you!

Add a comment