7

I'm new at git so please bear with me.

Say i have a file under version control that includes sensitive data. Sure enough, I put that file in my .gitignore file, so it doesn't get pushed to the repo. The problem now is somewhere in my project i have a line like

#include <sensitivedata>

or whatever your language of choice is. The problem is whenever somebody clones from that repo, that file is missing and he gets a fatal error when trying to build / compile the solution.

So, instead of pushing the file I'm actually working on I want to push some dummy file with the same name instead, where I place a comment like 

// replace the next line with the sensitive data!!!

How would I do this?

lightxx
  • 1,037
  • 2
  • 11
  • 29

2 Answers2

7

You could use .gitatrributes to filter the contents:

  • .gitattributes

    secrets.h filter=secret merge=keepMine

  • .git/config

    [filter "secret"]
clean  = echo "// replace the next line with the sensitive data"
smudge = cat

[merge "keepMine"]
    name = always keep mine during merge
    driver = /bin/true %O %A %B

I threw in a 'keepMine' merge to prevent accidental merges. However, AFAIK merge should not even kick in, as local changes would be effectively 'invisible' due to the clean filter step. Regardless of what's actually in secrets.h, the repo file will always contain:

// replace the next line with the sensitive data

E.g.:

/tmp/work$ echo '// agent 007 reporting for duty' > secrets.h
/tmp/work$ git status -s
M secrets.h
/tmp/work$ git diff
/tmp/work$ git cat-file -p HEAD:secrets.h
// secret contents not in repo

sehe
  • 374,641
  • 47
  • 450
  • 633
  • 2
    A heads-up: `.git/config` files are local. You need to make sure all users of this repo have the filter definitions, since `.gitattributes` is in the repo. You might want to read the [git-attributes man page](https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html) for more details – sehe Jul 05 '13 at 08:03
0

i do not know if the c++ preprocessor is able to do this (i assume the code shown above is for some c-style preprocessor), but here is what i do in similar cases:

commit in git:

  • default.config
  • user.config.template

put in gitignore:

  • user.config

and then i have code that basically does:

if (file_exists(user.config)):
    use user.config
else:
    use default.config

that way i can supply some sensible default and have a simple and clean way to override it.

mnagel
  • 6,729
  • 4
  • 31
  • 66
  • 1
    Thanks for your input. I was thinking something along the same lines as you, but then decided against it as I completely want to separate any source control issues from the the actual code. Just for the sake of completeness if someone else wants to go that route, it could be done by using something like this in the makefile: http://stackoverflow.com/a/142926/899260 – lightxx Jul 05 '13 at 08:47