HSchmale

Reputation: 1929

Git - Remove Sensitive Information In Project File

I have a script that connects to the database for my game. Now this script has a database username and password, and I would like to hide this information from the GitHub repo. I want to put the code up on GitHub, but I'm lazy and don't like to bother with obfuscating the password fields in my code, as I don't want my local repo and the remote repo getting out of sync. Is there any way to hide these fields on commit?

Upvotes: 0

Views: 46

Answers (2)

3840

Reputation: 376

You could consider placing the password in a local file on the machine on which your game is supposed to run.

  • Make sure the file is located outside the htdocs directory of your browser, but is still readable by the web server user (e.g. apacheuser). This will allow nobody to view the password file through the file's URL, which would be unsafe. But this still allows your script, which is probably run through the webserver, to access the local file. Of course, it should be located outside of the code file tree you keep in sync with your github repository.

  • Place the password you want to hide from github into that directory. For enhanced security, consider using an encryption mechanism. Having plain passwords on the server could be a security risk. Be sure that the file is safely encoded (preferably utf-8) and check that there is no newline character around. If there is and you can't get rid of it, you will need to strip \n from the password variable prior to using it.

  • In your script, include this or equivalent code (example in python) before the password is required for the first time:

    pwstring = str()
    # Read the password from the local file kept outside the repository.
    with open('passwordfilepath', 'r', encoding='utf-8') as pwfile:
        pwstring = pwfile.read()
    
  • After this, you might want to remove newline characters. For example, you can use the following for that:

    pwstring = pwstring.rstrip('\n')
    

    Also, if you chose to save an encrypted password, you will need to add a decryption function or something similar.

Upvotes: 0

Bjorn Munch

Reputation: 496

How about having the script read the password from a config file, and either don't commit that or commit a dummy config file? I've done so myself with a Python script that needs to connect as myself to an external database.

Upvotes: 1
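Both answers above keep the credentials in a file that is never committed. As an added example (not code from either answer), here is one way a script could load such a file and refuse to run on an unsafe or unfilled one. The INI layout, the `[database]` section, the key names and the `CHANGE_ME` dummy value are assumptions made for this example.

```python
import configparser
import os
import stat
import tempfile

# Assumed for this example: an INI file with a [database] section holding
# "user" and "password", and "CHANGE_ME" as the committed dummy value.
PLACEHOLDER = "CHANGE_ME"


class CredentialError(Exception):
    """The local config file is missing, unsafe, malformed or still a dummy."""


def load_db_credentials(path):
    """Return (user, password) from a config file kept outside the repository."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        raise CredentialError(f"{path} not found; copy the dummy config and fill it in") from None
    # On POSIX, refuse a file that group or other users can read or write.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise CredentialError(f"{path} is accessible to other users; chmod 600 it")
    parser = configparser.ConfigParser(interpolation=None)  # keep '%' in passwords literal
    try:
        parser.read(path, encoding="utf-8")
        # configparser already strips surrounding whitespace and the newline.
        user = parser["database"]["user"]
        password = parser["database"]["password"]
    except (configparser.Error, KeyError) as exc:
        raise CredentialError(f"{path} is malformed: {exc}") from None
    if not password or PLACEHOLDER in (user, password):
        raise CredentialError(f"{path} still holds the dummy values")
    return user, password


if __name__ == "__main__":
    # Constructed sample file; a real one lives outside the repo and the web root.
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "db.ini")
        with open(sample, "w", encoding="utf-8") as f:
            f.write("[database]\nuser = game\npassword = s3cr%et\n")
        os.chmod(sample, 0o600)
        print(load_db_credentials(sample)[0])
```

The committed dummy file would carry the same section and keys with `CHANGE_ME` as the values, and the real file's path would be listed in `.gitignore` if it sits anywhere near the working tree.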
