Last Updated: February 25, 2016
·
4.568K
· benthedesigner

Prevent sensitive data & credentials being committed

#git

I've had to add sensitive data (database connection details, API keys etc) to files that can't be added to .gitignore many times. I do this by committing the file with variable placeholders...

$secret = 'XXXXXXXXXX';

...then use the following command to ignore my future changes:

git update-index --assume-unchanged /path/to/file

If I need to make a change to this file in the future, I can remove my credentials, use placeholders as above, and issue the following command to have changes tracked again:

git update-index --no-assume-unchanged /path/to/file
#git

Written by Ben Tadiar

Say Thanks
Respond

Related protips

A better git log

675.1K
50

Please, oh please, use git pull --rebase

561.4K
38

Git - Cloning Specific Commits

477.6K
3

3 Responses
Add your response

sheerun

It's only time when someone someone forgets assume-unchanged and commits his passwords. It should be probably used with some sort of init script or git's smudge and clean filters.

*.example files are the safest option I know so far.

over 1 year ago ·
langpavel

Also .gitignore + *.example files are better for contributors. Lot of people do not know about --assume-unchanged.

But perfect for private repos! Thanks!

over 1 year ago ·
jorgeguberte

I bashed my head the whole day yesterday between .gitignore and .gitattributes, only to find --assume-unchaged here. Thank you!

over 1 year ago ·

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Git Authors
filipekiss
692K
#git
#average at best
khasinski
591.1K
#git
#Ruby
#JavaScript
itseranga
515K
#git
#cryptography
#docker
ihcsim
503.2K
#git
#puppet
#go
dmichaelavila
500.4K
#git
#ruby
#objective-c
Related Tags
#git
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Tools
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#