Using github as a repo for my website with sensitive files

Question

I want to use github to hold all of my website files so I can have multiple people working on fixes at one time. However, some files in the website connect to the database and therefore have login details for connecting to the database. I've searched online and can't find anyone else who has this problem, so I'm wondering whether I'm missing something obvious? I could just not upload those files - but that will break the test suites. I could remove the login details, but then I'd have to re-add them everytime I update the site with the latest release.

Answer 1

Is there no way to publish it to git, but only allow approved contributors to see it?

No: if you access a repo, you access all branches and files.

If you have to use a public repo, you can consider encrypting your data in a way a CI system (continuous Integration) can decrypt.
See for instance travis-encrypt for travis-ci.org to use.

But more generally, the best practice to store sensitive information in a separate referential, one accessible by the environment which will have to use it.

Answer 2

You could make a private repository. GitHub lets you do this if you get one of their paid plans. You could also use a different Git repository website like BitBucket or GitLab, both of which let you make private repositories for free.

Private repositories can only be seen or edited by people you specifically allow to contribute, so you can allow the other members of your team to access it without making it public for the whole world to see.