Ignoring sensitive data additions to configuration files in git

With all the public open source repositories and cloud services there comes sensitive data ignoration problem. For example we can host our testing environment settings in Azure and save that hosting’s password / keys in configuration file. After some time we can suddenly get a huge bill because someone had used your credentials to install too many bitcoin miners in your cloud. Sure there are some other reasons to hide that information too 🙂
In this example we will use git as source control and SourceTree to make the process a bit easier for common routines.
The main idea is to:
1. Commit the file with dummy configuration settings (for example in .NET web project Web.config with database connection strings)
2. Ignore the changes to that file after that.
mm.. Just that simple.
To do that we can run the following command in git console:
git update-index --assume-unchanged FILEPATH
The command updates the index of the repository adding file ignoration without physical file deletion.
If you need to add some changes to the file after ignoring it in the index – you can run almost the same command:
git update-index --no-assume-unchanged FILEPATH
Removing file from indexing can add some problems during merging, but you can deal with them.. Think that’s better then publishing database credentials…
And the last one:
if you want to check which files were ignored from index run (marked as assume unchanged ):

git ls-files -v

list

If you are one of those kids, who use only GUI applications to complete the tasks here is something you’ll probably like:
for now i think the best tool for working with git or mercurial is SourceTree and it has one nice feature to automate the tasks: Custom Actions.
For the commands above you can do the following:

1

2

Then right click the file you want to temporary ignore in SourceTree and select the Custom Action.


Resources

Как я умудрился за 1 день задолжать Amazon 12000$

Git documentation, update index section

Clooit source

Leave a Reply

Your email address will not be published. Required fields are marked *