I'm new at git so please bear with me.
Say i have a file under version control that includes sensitive data. Sure enough, I put that file in my .gitignore file, so it doesn't get pushed to the repo. The problem now is somewhere in my project i have a line like
#include <sensitivedata>
or whatever your language of choice is.
The problem is whenever somebody clones from that repo, that file is missing and he gets a fatal error when trying to build / compile the solution.
So, instead of pushing the file I'm actually working on I want to push some dummy file with the same name instead, where I place a comment like
// replace the next line with the sensitive data!!!
How would I do this?
You could use .gitatrributes to filter the contents:
.gitattributes
secrets.h filter=secret merge=keepMine
.git/config
[filter "secret"]
clean = echo "// replace the next line with the sensitive data"
smudge = cat
[merge "keepMine"]
name = always keep mine during merge
driver = /bin/true %O %A %B
I threw in a 'keepMine' merge to prevent accidental merges. However, AFAIK merge should not even kick in, as local changes would be effectively 'invisible' due to the clean
filter step. Regardless of what's actually in secrets.h
, the repo file will always contain:
// replace the next line with the sensitive data
E.g.:
/tmp/work$
echo '// agent 007 reporting for duty' > secrets.h
/tmp/work$
git status -s
M secrets.h
/tmp/work$
git diff
/tmp/work$
git cat-file -p HEAD:secrets.h
// secret contents not in repo
i do not know if the c++ preprocessor is able to do this (i assume the code shown above is for some c-style preprocessor), but here is what i do in similar cases:
commit in git:
- default.config
- user.config.template
put in gitignore:
and then i have code that basically does:
if (file_exists(user.config)):
use user.config
else:
use default.config
that way i can supply some sensible default and have a simple and clean way to override it.