Reputation: 39
How to hide a line of code in a git repository?
I have some GitHub repositories where I have connection strings to online databases, such as Mongo and Firebase.
I have seen some solutions for this problem. But I would like to know if there was a way to hide a line of code in a specific file, so that others would not be able to see the sensitive data and I would run the risk of losing that data.
Note: I cannot delete the entire file, because there are some important configuration on it, I would like to just "make some lines of code invisible" to others. Is it possible?
Upvotes: 3
Views: 10165
Answers (4)
Reputation: 3864
No, it is not possible and YOU SHOULD NEVER put the credentials and other confidential data into the GitHub plaintext. There is lots of bots scanning through the git and gathering the passwords from there.
It is not possible, because even If You would somehow be able to do this. Someone could simply fork/clone Your repository and would be able to see the data again on their disk.
You should consider switching to a different way of providing credentials to Your applications, like secrets or at least environment variables.
But generally the answer to the question asked is no, because it's not how the git works.
Upvotes: 4
Reputation: 60305
I'll add, after repeating the "ffs don't mix secrets in the same dataset with public data" answers above, that Git does allow "smudge" and "clean" filters for data going into and out of the repository, see here for a closely-related question. Sometimes you're stuck with code that still thinks "unobtrusively tucked away" is enough to be made secure and you have to go through gyrations like this.
Upvotes: 2
Reputation: 30232
What people tend to do is to have a sample file included in the project and set .gitignore to ignore the real files so that they are not included in the project.
So, something like having a file called config.properties.sample with default values, have the application read config.properties and set .gitignore with a line that says config.properties. A new developer sits down, clones, creates the real file from the sample adjusting values and everybody will be happy everafter.
Upvotes: 1
Reputation: 787
I think that common practice is using environment variables for your connection configuration. This way you can share example .env config file in your repository and keep your passwords etc. for yourself.
How to use environment variables in your app? It depends on technology and environment you are using so its hard to give one solid answer here.
Upvotes: 3
Related Questions
- How to hide the my one-off fork repo in Github?
- How Can I hide a commit in GITHUB
- Hide specific file from Git public Repo
- How to hide source code tab from user in github?
- Is there a way to hide a line of code from a public GitHub?
- Is there a way to ignore a couple lines in git?
- Hiding commit from github
- Ignore line of code in Git
- Hiding some part of code base using Git
- "Hiding" things in GIT