user3757174

Reputation: 523

Clearing sensitive information when running "git commit"

I'm working on a file with a bunch of sensitive information (e.g. passwords).

I'm working with version control and finding it burdensome to erase these passwords every time I commit and push this file.

Is there any way I could write a script somewhere to clear all of this sensitive information when I run "git commit"?

In other words, if my file looks like this:

var password = "test123"

I'd like my file to look like this when I commit it:

var password = ""

Upvotes: 2

Views: 327

Answers (1)

torek

Reputation: 488203

The standard (and correct, really) advice is to keep those passwords elsewhere, e.g., read them out of a different, not-version-controlled, file (~/.netrc and so on).

That said, you could use a pre-commit hook to check for a password in the index [1] and abort the commit if present (this is again standard advice: don't modify things in pre-commit hooks, just tell the user that there's something not right, and stop). Or, you could even have the pre-commit hook adjust the index so that the password is absent.

Note that the pre-commit hook can be bypassed by the user, so this is not foolproof, no matter how you set it up (as a verifier, or as a modifier).


[1] Remember that the new commit will be made from the contents of the index, not that of the working directory. For instance:

$ echo this is what will be committed > foo.txt
$ git add foo.txt                 # put current foo.txt into the index
$ echo the current contents are completely different > foo.txt
$ git commit -m 'demonstrate index vs work dir'

The version of foo.txt in the commit this creates reads "this is what will be committed", even though "the current contents are completely different" is what is in foo.txt if you look at it now. To see what's actually in the index, use, e.g.:

$ git cat-file -p :0:foo.txt

See gitrevisions for what :0:foo.txt means.

Upvotes: 2
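
One way to write the verifying pre-commit hook the answer describes, as an added example that is not part of the original answer: it scans each staged blob (`:0:path`) rather than the working-tree file, and aborts without modifying anything. The regular expression and the function names `has_secret` and `scan_index` are assumptions chosen to match the question's `var password = "test123"` line.

```shell
#!/bin/sh
# Added example: a .git/hooks/pre-commit that verifies and never modifies.
# Assumed pattern: a non-empty quoted value assigned to a name containing
# "password"; an empty value such as `var password = ""` is allowed.
SECRET_RE="[Pp]assword[A-Za-z0-9_]*[[:space:]]*[:=][[:space:]]*[\"'][^\"']"

# has_secret: succeeds if the text on stdin contains a password literal.
has_secret() {
    grep -Eq "$SECRET_RE"
}

# scan_index: inspect every staged (added/copied/modified) file as it exists
# in the index, which is what the commit will contain. Prints each offender
# to stderr and returns 1 if any was found.
# Limitation: assumes path names without newlines or quoting-worthy characters.
scan_index() {
    rc=0
    list=$(mktemp) || return 2
    git diff --cached --name-only --diff-filter=ACM > "$list"
    while IFS= read -r path; do
        if git cat-file -p ":0:$path" | has_secret; then
            echo "pre-commit: password literal staged in $path" >&2
            rc=1
        fi
    done < "$list"
    rm -f "$list"
    return $rc
}

# Run only when installed as the hook, so the functions can also be sourced.
case "$0" in
    */pre-commit)
        scan_index || { echo "Commit aborted: blank the value and re-stage." >&2; exit 1; }
        ;;
esac
```

Save it as `.git/hooks/pre-commit` and make it executable. Because it reads the index, blanking the password in the working file is not enough until the file is staged again with `git add`.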
