-1

I'm working on a Ionic/Cordova project which some plugins that need sensitive data:

  • cordova-background-geolocation require a license;
  • cordova-plugin-googlemaps require api keys.

When adding those plugins to the project, they get saved in my config.xml and package.json.

My problem is that I need to commit to Github those files but how can I do it without committing those sensitive data?

Anyone have a solution or suggestion?

Thanks

Steve
  • 309
  • 3
  • 17
  • Use a .gitignore file and insert these files there? – Christoph Jun 02 '18 at 12:31
  • Probably you could use a git encyption tool for those specific files, something like `git-crypt` – Christos Batzilis Jun 02 '18 at 12:53
  • Possible duplicate of [How can I save my secret keys and password securely in my version control system?](https://stackoverflow.com/questions/11575398/how-can-i-save-my-secret-keys-and-password-securely-in-my-version-control-system) – phd Jun 03 '18 at 18:22
  • https://stackoverflow.com/a/6826682/7976758 – phd Jun 03 '18 at 18:22

1 Answers1

0

I keep these local changes in a branch that never gets pushed. My workflow looks like this (assuming master tracks a public branch origin/master):

git checkout -b private
// make local changes, such as plugging in license keys, passwords, etc.
git commit -am "DO NOT PUSH: local changes"
// tag here because later my cherry-pick starts here
git tag -f LOCAL
// now work on what you need to work on... and whenever I am ready, commit away
git commit -am "feature 1"
// keep hacking...
git commit -am "feature 2"

// When I get to a point where I want to push the series of commits I've got to the remote repo:

git checkout master
git cherry-pick LOCAL..private

git push origin master
git rebase master private
git tag -f LOCAL
// resume working...
jingx
  • 3,698
  • 3
  • 24
  • 40