an4s911

Reputation: 420

Is it safe to push a SQLite file to a public repo?

I am using sqlite3 with Python and I have a .db file in my project, and it has all the details related to the user, the password hashes, the salt used for hashing, the username, etc. And this file is on a local git repo. I do have a remote public repo for this project. But I was concerned if pushing the database file to a public repo might be a good idea?

Should I make the repo private? Or should I add this file to the .gitignore list and make a way to generate the database and the tables on the fly with empty data?

Or is there a way to protect the database with a username and password kinda like in MySQL, not exactly like that, as MySQL runs on a server and you enter the username and password for using the server rather than a specific database?

I know it might be a better idea to use some cloud-based DB with APIs and all, but this is just a basic level project and I don't have much experience related to cloud-based DBs, but the user might provide actual sensitive data.

So is it a safe option to push the .db file to the public remote repo?

Upvotes: 0

Views: 696

Answers (1)

Antonio Petricca

Reputation: 11070

Git, like any other CVS (Concurrent Versioning System), is designed to store source code and all the files, binaries included (possibly via Git LFS), which cannot be generated on demand by tools, source code or scripts.

In the specific case of a database, you should provide DDL scripts to reproduce the DB schema, and the SQL code, stripped of reserved data, to populate it again.

A good approach would be to introduce placeholders inside the SQL files, and scripts which require the sensitive data in order to substitute it for the above placeholders.

Upvotes: 1
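One way to apply the answer above with Python's sqlite3, as an added example that is not part of the original answer: the schema and a seed statement with placeholders are committed, while the .db file stays in .gitignore and credentials are supplied at run time. The names APP_ADMIN_USER, APP_ADMIN_PASSWORD and app.db, and the PBKDF2 iteration count, are assumptions.

```python
import hashlib
import os
import secrets
import sqlite3

# Schema only: this is the part that belongs in the repository.
SCHEMA_DDL = """
CREATE TABLE IF NOT EXISTS users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    salt     BLOB NOT NULL,
    pw_hash  BLOB NOT NULL
);
"""

# Seed statement with placeholders; the values are bound at run time, never committed.
SEED_SQL = ("INSERT OR IGNORE INTO users (username, salt, pw_hash) "
            "VALUES (:username, :salt, :pw_hash)")


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption, tune it for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def init_db(path: str, env=os.environ) -> sqlite3.Connection:
    """Create the schema and, if credentials are present in env, seed one user."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA_DDL)
    username = env.get("APP_ADMIN_USER")        # hypothetical variable names
    password = env.get("APP_ADMIN_PASSWORD")
    if username and password:
        salt = secrets.token_bytes(16)          # fresh random salt per user
        conn.execute(SEED_SQL, {"username": username, "salt": salt,
                                "pw_hash": hash_password(password, salt)})
    conn.commit()
    return conn


def verify(conn: sqlite3.Connection, username: str, password: str) -> bool:
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and secrets.compare_digest(row[1], hash_password(password, row[0]))


if __name__ == "__main__":
    init_db("app.db").close()  # app.db itself is listed in .gitignore
```

If a populated .db file was already committed, adding it to .gitignore does not remove it from the repository history.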
