Where developers come to connect, share, build and be inspired.


Prevent sensitive data & credentials being committed


I've had to add sensitive data (database connection details, API keys etc) to files that can't be added to .gitignore many times. I do this by committing the file with variable placeholders...

$secret = 'XXXXXXXXXX';

...then use the following command to ignore my future changes:

git update-index --assume-unchanged /path/to/file

If I need to make a change to this file in the future, I can remove my credentials, use placeholders as above, and issue the following command to have changes tracked again:

git update-index --no-assume-unchanged /path/to/file


  • Photo_on_08.01.2013_at_04.15

    It's only time when someone someone forgets assume-unchanged and commits his passwords. It should be probably used with some sort of init script or git's smudge and clean filters.

    *.example files are the safest option I know so far.

  • 2616d7d4ddc1de7e87bc92f939178603

    Also .gitignore + *.example files are better for contributors. Lot of people do not know about --assume-unchanged.

    But perfect for private repos! Thanks!

  • 06d1ac58fae56709d0fbf0c4b7e9d47f

    I bashed my head the whole day yesterday between .gitignore and .gitattributes, only to find --assume-unchaged here. Thank you!

Add a comment